XAMPP 1.7.2 Administrative Bypass

2009-12-07T00:00:00
ID PACKETSTORM:83547
Type packetstorm
Reporter bi0
Modified 2009-12-07T00:00:00

Description

                                        
                                            `  
  
______ __ ______   
/\ == \ /\ \ /\ __ \   
\ \ __< \ \ \ \ \ \/\ \   
\ \_____\ \ \_\ \ \_____\   
\/_____/ \/_/ \/_____/   
  
  
[#]----------------------------------------------------------------[#]  
#   
# [x] XAMPP 1.7.2 Change Administrative Password   
# [x] Author : bi0  
# [x] Contact : bukibv@hotmail.com   
# [+] Download : http://www.apachefriends.org/en/xampp-windows.html  
#  
[#]----------------------------------------------------------------[#]  
#  
# [x] Exploit :   
#   
# At the older versions of xampp "xamppsecurity.php" was allowed   
# only for localhost but at version 1.7.2 i accessible by all  
#   
# http://example.com/security/xamppsecurity.php  
#  
# And you can change the .htacces user & pass and the phpMyAdmin pass  
#  
[#]----------------------------------------------------------------[#]  
#  
# Demo :   
#   
# [+] http://www.rrp.demokritos.gr/security/xamppsecurity.php  
#  
#  
#  
[#]----------------------------------------------------------------[#]  
`