Computer Security
[EN] securityvulns.ru

From: MustLive <mustlive_(at)_websecurity.com.ua>
Date: 23.07.2009
Subject: Insufficient Authentication, XSS and SQL Injection vulnerabilities in XAMPP

Hello 3APA3A!

I want to warn you about security vulnerabilities in XAMPP.

These are Insufficient Authentication, Cross-Site Scripting and SQL Injection vulnerabilities.

Insufficient Authentication:

http://site/xampp/

There are sites where access to the admin panel of XAMPP is not restricted by a password.

XSS:

POST query to the page http://site/xampp/adodb.php

"><script>alert(document.cookie)</script>
In fields: Database server, Host, Username, Password, Current database, Selected table.

SQL Injection:

The attack is conducted during access to the admin panel of XAMPP - via the above-mentioned
Insufficient Authorization vulnerability or via the Insufficient Authorization vulnerability
which was found earlier (http://websecurity.com.ua/3220/).

On the page http://site/xampp/adodb.php

cds where 1=0 union select version(),0,0,0
In the field Selected table.

XAMPP 1.6.8 and previous versions are vulnerable, and potentially later versions (including the
latest version, XAMPP 1.7.1).

I mentioned these vulnerabilities on my site (http://websecurity.com.ua/3233/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
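
Added example, not part of the original message and not XAMPP's own code: one way a form handler of this kind can treat the "Selected table" value and the echoed form fields so that the two inputs quoted in the advisory stay plain data. The function names, the in-memory SQLite database and the columns of the cds table are assumptions made for the illustration.

```php
<?php
// Added illustration; function names and the sample schema are hypothetical.

// Identifiers cannot be bound as query parameters, so the "Selected table"
// value is accepted only if it exactly matches a table the database reports.
function resolveTable(PDO $db, string $requested): ?string
{
    $known = $db->query("SELECT name FROM sqlite_master WHERE type = 'table'")
                ->fetchAll(PDO::FETCH_COLUMN);
    return in_array($requested, $known, true) ? $requested : null;
}

// Every form value echoed back into the page is HTML-encoded, quotes included,
// so it cannot close the value="..." attribute it is written into.
// $name is a fixed literal chosen by the caller, never request data.
function field(string $name, string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="' . $name . '" value="' . $safe . '">';
}

function listRows(PDO $db, string $requested): array
{
    $table = resolveTable($db, $requested);
    if ($table === null) {
        return [];                    // unknown table: no query is built at all
    }
    // $table now equals a name taken from the schema; quote it as an identifier.
    $quoted = '"' . str_replace('"', '""', $table) . '"';
    return $db->query('SELECT * FROM ' . $quoted)->fetchAll(PDO::FETCH_NUM);
}

// Constructed sample data standing in for the demo database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cds (title TEXT, artist TEXT, year INTEGER, id INTEGER)');
$db->exec("INSERT INTO cds VALUES ('Sample Album', 'Sample Artist', 2009, 1)");

// The two inputs quoted in the advisory, handled as data.
$xssInput = '"><script>alert(document.cookie)</script>';
$sqlInput = 'cds where 1=0 union select version(),0,0,0';

echo field('host', $xssInput), PHP_EOL;      // markup characters arrive encoded
var_dump(count(listRows($db, 'cds')));       // rows of the real table
var_dump(count(listRows($db, $sqlInput)));   // rejected before any SQL is built
```

Neither function addresses the unprotected /xampp/ panel itself; restricting access to that path is a separate control.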

