Title: XAMPP 'cds.php' SQL Injection Vulnerability
Provided and/or Discovered By:
Jaykishan Nirmal from Aujas Networks
3rd October, 2008
Input Validation Error
Exploit/Proof of Concept:
http://www.example.com/xampp/cds.php?action=del&id=1 or 1
In the PHP script 'cds.php', the 'id' parameter is vulnerable to SQL injection attacks.
Input passed to the 'id' parameter in 'cds.php' isn't properly sanitized before being used in a
SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code,
which can delete all CD record(s) stored in the database.
This issue is due to a failure of the application to properly sanitize user-supplied input prior to
including it in dynamically generated Web content.
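The failure mode described above, as an added example that is not taken from XAMPP's cds.php: the table layout, the query text and the function names are assumptions, and an in-memory SQLite database via PDO stands in for XAMPP's MySQL so the script runs offline. It shows why the proof-of-concept value empties the table when concatenated into a DELETE statement, and how integer validation with a bound parameter rejects it.

```php
<?php
// Added illustration, not XAMPP's code. Schema and query text are assumed.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE cds (id INTEGER PRIMARY KEY, title TEXT)');
    // Constructed sample rows.
    $db->exec("INSERT INTO cds (id, title) VALUES (1, 'A'), (2, 'B'), (3, 'C')");
    return $db;
}

function count_rows(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM cds')->fetchColumn();
}

// Vulnerable pattern: the request value is concatenated into the statement,
// so "1 or 1" turns the WHERE clause into a condition that is true for every row.
function delete_cd_vulnerable(PDO $db, string $id): void {
    $db->exec('DELETE FROM cds WHERE id = ' . $id);
}

// Hardened pattern: strict integer validation, then a bound parameter.
function delete_cd_safe(PDO $db, string $id): bool {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return false; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('DELETE FROM cds WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return true;
}

$input = '1 or 1'; // the 'id' value from the advisory's proof of concept

$db = make_db();
delete_cd_vulnerable($db, $input);
echo 'vulnerable: rows left = ', count_rows($db), PHP_EOL;

$db = make_db();
$accepted = delete_cd_safe($db, $input);
echo 'hardened: accepted = ', var_export($accepted, true),
     ', rows left = ', count_rows($db), PHP_EOL;
```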
XAMPP v1.6.8 (Earlier versions might be affected)
Windows (Others might be affected)
XAMPP Home Page – http://www.apachefriends.org/en/xampp.html
SecurityFocus – http://www.securityfocus.com/bid/31564
02-10-2008: Aujas Networks notifies XAMPP development team about vulnerability
02-10-2008: Vendor response
Jaykishan.nirmal [at] aujas [dot] com