| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Jan 2010 01:30:16 +0200 From: "MustLive" <mustlive@...security.com.ua> To: <bugtraq@...urityfocus.com> Subject: Multiple vulnerabilities in XAMPP (advisories #1 and #2) Hello Bugtraq! I want to warn you about multiple vulnerabilities in XAMPP. I disclosed at my site multiple vulnerabilities in XAMPP in 2009 (in total 7 advisories). And informed developers about them. Also I published these vulnerabilities at securityvulns.ru (securityvulns.com). And now I'm informing you about them. I will combine 7 advisories in 4 letters to mailing list. ----------------------------- Advisory #1 ----------------------------- Cross-Site Scripting vulnerability in XAMPP ----------------------------- URL: http://websecurity.com.ua/3220/ ----------------------------- Timeline: 09.12.2008 - found the vulnerability. 10.06.2009 - disclosed at my site. 11.06.2009 - informed developers. ----------------------------- Details: This is Cross-Site Scripting vulnerability. XSS: Vulnerability in xamppsecurity.php. http://websecurity.com.ua/uploads/2009/XAMPP%20XSS.html Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next versions (including last version XAMPP 1.7.1). ----------------------------- Advisory #2 ----------------------------- Multiple vulnerabilities in XAMPP ----------------------------- URL: http://websecurity.com.ua/3230/ ----------------------------- Timeline: 11.06.2009 - found the vulnerabilities. 13.06.2009 - announced at my site. 14.06.2009 - informed developers. 16.07.2009 - disclosed at my site. ----------------------------- Details: These are Predictable Resource Location, Information Leakage, Cross-Site Scripting and Directory Traversal vulnerabilities. Predictable Resource Location: There are standard paths to resources in XAMPP, which can be used for attack. http://site/security/ - security service of XAMPP http://site/xampp/ - admin panel of XAMPP http://site/phpmyadmin/ - PhpMyAdmin http://site/webalizer/ - Webalizer Information Leakage: http://site/webalizer/ Access to Webalizer is not restricted and taking into account that path to the resource is known, anyone can gain access to statistic of the site, which can lead to considerable information leakage, including about different resources at the site. Information Leakage: http://site/security/ Security service of XAMPP (XAMPP SECURITY [Security Check 1.0]), if access to it is opened, leads to information leakage. It shows information about version of PHP and about status of components of XAMPP, particularly PhpMyAdmin. XSS: http://site/xampp/showcode.php?TEXT[global-showcode]=%3Cscript%3Ealert(document.cookie)%3C/script%3E Directory Traversal: http://site/xampp/showcode.php?showcode=1&file=../index.php Works with register globals on. Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next versions (including last version XAMPP 1.7.1). ----------------------------- Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Powered by blists - more mailing lists