XAMPP 1.7.2 Change Administrative Password

2009-12-11T00:00:00
ID EDB-ID:10391
Type exploitdb
Reporter bi0
Modified 2009-12-11T00:00:00

Description

XAMPP 1.7.2 Change Administrative Password. CVE-2008-6498. Webapps exploit for php platform

                                        
                                            # Title: XAMPP 1.7.2 Change Administrative Password
# Date: 11/12/2009
# Author: bi0
# Software Link: http://www.apachefriends.org/en/xampp-windows.html
# Version: 1.7.2
# Tested on: Windows XP / Windows Vista
# CVE : ()

                ______     __     ______
               /\  == \   /\ \   /\  __ \
               \ \  __<   \ \ \  \ \ \/\ \
                \ \_____\  \ \_\  \ \_____\
                 \/_____/   \/_/   \/_____/


[#]----------------------------------------------------------------[#]
#
# [x] XAMPP 1.7.2 Change Administrative Password
# [x] Author : bi0
# [x] Contact : bukibv@hotmail.com
# [+] Download : http://www.apachefriends.org/en/xampp-windows.html
#
[#]----------------------------------------------------------------[#]
#
# [x] Exploit :
#
#   At the older versions of xampp "xamppsecurity.php" was allowed
#   only for localhost but at version 1.7.2 i accessible by all
#
#   http://example.com/security/xamppsecurity.php
#
#   And you can change the .htacces user & pass and the phpMyAdmin pass
#
[#]----------------------------------------------------------------[#]

#EOF