## Title: ApacheFriends-XAMPP-Version-8.2.12-Bypass-Microsoft-Security-Privilege-Escalation-LCE-RCE-0day ## Author: nu11secur1ty ## Date: 12/13/2023 ## Vendor: https://www.apachefriends.org/ ## Software: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.12/xampp-windows-x64-8.2.12-0-VS16-installer.exe/download ## Reference: https://portswigger.net/web-security/access-control ## Description: A successful attack can be possible when the attacker is hacking the XAMPP Windows web server, or he can find a way to upload the exploit on the server of the victim. The next scenario is the attacker must find a weak sanitizing function to upload the malicious PHP exploit and exploit this vulnerability. The local attack is easier than ever and ABSOLUTELY - DANGEROUS. The normal - administrator user can get a system privilege and can inject every DLL library, he can steal all information of the users of this system, and, etc. ## Microsoft answer: Thank you again for submitting this issue to Microsoft. We determined that a fix will not be released for the reported behavior. We have closed this case. STATUS: MEDIUM-HIGH Vulnerability [+]Exploit: m0r3: https://www.nu11secur1ty.com/2023/12/php8-php-curl-rce-privilage-escalation.html ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/XAMPP/docs/ApacheFriends-XAMPP-Version-8.2.12-Bypass-Microsoft-Security-Privilege-Escalation-LCE-RCE-0day) ## Proof and Exploit: [href](https://www.nu11secur1ty.com/2023/12/php8-php-curl-rce-privilage-escalation.html) ## Time spent: 00:17:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>