XAMPP 'cds.php' SQL Injection vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052470 漏洞类型
发布时间 2008-10-06 更新时间 2008-10-06
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008100018
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Title XAMPP 'cds.php' SQL Injection vulnerability

Provided and/or Discovered By:
Jaykishan Nirmal from Aujas Networks


Release Date:
3rd October, 2008

Class

Input Validation Error

Risk
High

Remotely Exploitable
Yes

Locally Exploitable
Yes

Vulnerable File
http://www.example.com/xampp/cds.php

Exploit/Proof of Concept:
http://www.example.com/xampp/cds.php?action=del&id=1 or 1

Technical Details
In PHP-script called 'cds.php', parameter 'id' is vulnerable to SQL Injection attacks.
Input passed to the 'id' parameter in 'cds.php' isn't properly sanitized before being used in a
SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code
which can delete all CD record(s) stored in database.
This issue is due to a failure of the application to properly sanitize user-supplied input prior to
including it in dynamically generated Web content.

Vulnerable Versions:
XAMPP v1.6.8 (Earlier versions might be affected)

Platform:
Windows (Others might be affected)

Reference(s)
XAMPP Home Page – http://www.apachefriends.org/en/xampp.html
SecurityFocus – http://www.securityfocus.com/bid/31564

Report Timeline(s)
02-10-2008: Aujas Networks notifies XAMPP development team about vulnerability
02-10-2008: Vendor response

Contact
Jaykishan.nirmal [at] aujas [dot] com