Hello 3APA3A!
I want to warn you about security vulnerabilities in XAMPP.
These are Information Leakage, Cross-Site Request Forgery and SQL
Injection vulnerabilities.
Information Leakage:
During access to the admin panel (via Insufficient Authorization
vulnerabilities) it's possible to gain a lot of information about the
system.
CSRF:
It's possible to delete or add data in the test table (both via CSRF and via
Insufficient Authorization vulnerabilities), and also to conduct SQL
Injection via CSRF attacks.
SQL Injection:
http://site/xampp/cds.php?action=del&id=-1%20or%201=1
http://site/xampp/cds.php?interpret=1&titel=1&jahr=1),(version(),1,1
http://site/xampp/cds.php?interpret=1&titel=',1,1),(version(),1,1)/* (mq off)
http://site/xampp/cds.php?titel=1&interpret=',1),(version(),1,1)/* (mq off)
The attack is possible during access to the admin panel (via Insufficient
Authorization), or via CSRF.
XAMPP 1.6.8 and previous versions are vulnerable, and potentially later
versions (including the latest version, XAMPP 1.7.1).
I mentioned these vulnerabilities on my site
(http://websecurity.com.ua/3250/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
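
Added example, not part of the original message and not XAMPP's own cds.php: a hardened handler for the id, titel, interpret and jahr parameters seen in the URLs above, combining a CSRF token check with bound parameters. The table layout, the function names and the in-memory SQLite stand-in for the MySQL test table are assumptions.

```php
<?php
// Added example; table layout and function names are assumptions, not XAMPP code.
declare(strict_types=1);

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');   // constructed stand-in for the MySQL test table
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE cds (id INTEGER PRIMARY KEY, titel TEXT, interpret TEXT, jahr INTEGER)');
    $db->exec("INSERT INTO cds (titel, interpret, jahr) VALUES ('A', 'X', 2001), ('B', 'Y', 2002)");
    return $db;
}

// State changes require POST plus a per-session token, so a cross-site GET cannot trigger them.
function csrf_ok(string $method, array $session, array $post): bool {
    return $method === 'POST'
        && isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

function delete_cd(PDO $db, string $id): int {
    // Accept only a plain non-negative integer, then bind it instead of concatenating.
    if (!ctype_digit($id)) {
        return 0;
    }
    $stmt = $db->prepare('DELETE FROM cds WHERE id = ?');
    $stmt->execute([(int)$id]);
    return $stmt->rowCount();
}

function add_cd(PDO $db, string $titel, string $interpret, string $jahr): bool {
    if (!ctype_digit($jahr)) {
        return false;
    }
    // Bound values stay data: quotes and parentheses cannot extend the VALUES list.
    $stmt = $db->prepare('INSERT INTO cds (titel, interpret, jahr) VALUES (?, ?, ?)');
    return $stmt->execute([$titel, $interpret, (int)$jahr]);
}

$db = open_demo_db();
$session = ['csrf' => bin2hex(random_bytes(32))];
var_dump(csrf_ok('GET', $session, []));                      // GET without token
var_dump(delete_cd($db, '-1 or 1=1'));                       // id value from the first URL
var_dump(add_cd($db, '1', '1', '1),(version(),1,1'));        // jahr value from the second URL
var_dump(add_cd($db, "',1,1),(version(),1,1)/*", '1', '1')); // titel value from the third URL
var_dump((int)$db->query('SELECT COUNT(*) FROM cds')->fetchColumn());
```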