lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <008c01caa072$51487760$010000c0@ml>
Date: Fri, 29 Jan 2010 01:33:25 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Multiple vulnerabilities in XAMPP (advisories #1
	and #2)

Hello Full-Disclosure!

I want to warn you about multiple vulnerabilities in XAMPP. I disclosed at
my site multiple vulnerabilities in XAMPP in 2009 (in total 7 advisories).
And informed developers about them.

Also I published these vulnerabilities at securityvulns.ru
(securityvulns.com). And now I'm informing you about them. I will combine 7
advisories in 4 letters to mailing list.

-----------------------------
Advisory #1
-----------------------------
Cross-Site Scripting vulnerability in XAMPP
-----------------------------
URL: http://websecurity.com.ua/3220/
-----------------------------
Timeline:

09.12.2008 - found the vulnerability.
10.06.2009 - disclosed at my site.
11.06.2009 - informed developers.
-----------------------------
Details:

This is Cross-Site Scripting vulnerability.

XSS:

Vulnerability in xamppsecurity.php.

http://websecurity.com.ua/uploads/2009/XAMPP%20XSS.html

Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next
versions (including last version XAMPP 1.7.1).

-----------------------------
Advisory #2
-----------------------------
Multiple vulnerabilities in XAMPP
-----------------------------
URL: http://websecurity.com.ua/3230/
-----------------------------
Timeline:

11.06.2009 - found the vulnerabilities.
13.06.2009 - announced at my site.
14.06.2009 - informed developers.
16.07.2009 - disclosed at my site.
-----------------------------
Details:

These are Predictable Resource Location, Information Leakage, Cross-Site
Scripting and Directory Traversal vulnerabilities.

Predictable Resource Location:

There are standard paths to resources in XAMPP, which can be used for
attack.

http://site/security/ - security service of XAMPP
http://site/xampp/ - admin panel of XAMPP
http://site/phpmyadmin/ - PhpMyAdmin
http://site/webalizer/ - Webalizer

Information Leakage:

http://site/webalizer/

Access to Webalizer is not restricted and taking into account that path to
the resource is known, anyone can gain access to statistic of the site,
which can lead to considerable information leakage, including about
different resources at the site.

Information Leakage:

http://site/security/

Security service of XAMPP (XAMPP SECURITY [Security Check 1.0]), if access
to it is opened, leads to information leakage.

It shows information about version of PHP and about status of components of
XAMPP, particularly PhpMyAdmin.

XSS:

http://site/xampp/showcode.php?TEXT[global-showcode]=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Directory Traversal:

http://site/xampp/showcode.php?showcode=1&file=../index.php

Works with register globals on.

Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next
versions (including last version XAMPP 1.7.1).

-----------------------------

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ