XAMPP v5.6.30 Local Buffer Overflow Exploit

# Title : XAMPP v5.6.30 Local Buffer Overflow Exploit
# Date : 5/27/2017
# Author : Guardiran Security Team
# Tested On : Windows 10
# Demo Video : https://www.youtube.com/watch?v=fCay_l0dfcE&feature=youtu.be
# CVE : -
# Exploitation Technique : Local
# Product & Service Introduction : https://www.apachefriends.org/index.html
# Link Softwar : https://www.apachefriends.org/download.html
# Version : v5.6.30

Description : 

Hello Guys.
The vulnerability is caused by the lack of restrictions on the number of characters
On Configuration of Control Panel [ Editor ]
Character limit was applied only up to 256 characters If The Number Of characters 
Be up to 256 characters The Softwar will crash.

[ModuleNames]
Apache=Apache
MySQL=MySQL
FileZilla=FileZilla
Mercury=Mercury
Tomcat=Tomcat


[Common]
Edition=
Editor=257 characters [ if the number of characters Be up to 256 characters The Softwar will crash]
Browser=
Debug=0
Debuglevel=0
TomcatVisible=1
Language=en
Minimized=0

========================================================

Exploit : 

1- Run Xampp Control Panel [ xampp-control.exe]
2- Click Config > Editor
3- Select A Name With 257 Character Or up to 257 characters
4- Click Save
5- If You Click The Each Button The Softwar Will Crash


Error Log : 
1-Access Violation at address 0040A192 id module 'xampp-control.exe'
&
2-Access Violation at address 0065AE42 id module 'xampp-control.exe'


=========================================================

Discovered By : DeMoN
Tnx All Member Guardiran Security Team

#  0day.today [2018-04-09]  #