Vendor: XAMPP
By: bi0
CVSS: 3.3 (MEDIUM)
Change Administrative Password
CWE: N/A
Product Name: XAMPP
Affected Version From: 1.7.2
Affected Version To: 1.7.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP / Windows Vista
2009

XAMPP 1.7.2 Change Administrative Password

In older versions of XAMPP, 'xamppsecurity.php' was accessible only from localhost, but in version 1.7.2 it is accessible to everyone. As a result, a remote user can change the .htaccess user and password and the phpMyAdmin password.

Mitigation:

Restrict access to xamppsecurity.php to localhost only.
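
An added example (not from the advisory or the XAMPP project): a Python audit of Apache access-log lines that lists requests to the advisory's /security/xamppsecurity.php path from non-loopback clients and shows whether the server served or refused them. The log lines are constructed, and the Apache common/combined log format is an assumption.

```python
import ipaddress
import re

# Assumed Apache common/combined log format: client ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TARGET = "/security/xamppsecurity.php"  # path given in the advisory


def is_loopback(client):
    """True only for literal loopback addresses (127.0.0.0/8, ::1)."""
    try:
        return ipaddress.ip_address(client).is_loopback
    except ValueError:
        return False  # a hostname in the log is treated as remote


def audit(lines):
    """Return (client, method, status, served) for each remote request to TARGET."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0].lower()  # Windows paths are case-insensitive
        if path != TARGET or is_loopback(m.group("client")):
            continue
        status = int(m.group("status"))
        # 2xx: the page was served to a remote client; 403: the restriction held
        findings.append((m.group("client"), m.group("method"), status, 200 <= status < 300))
    return findings


# Constructed sample lines using documentation addresses, not real server data
SAMPLE_LOG = [
    '127.0.0.1 - - [11/Dec/2009:10:00:01 +0100] "GET /security/xamppsecurity.php HTTP/1.1" 200 4821',
    '192.0.2.15 - - [11/Dec/2009:10:02:10 +0100] "GET /security/xamppsecurity.php HTTP/1.1" 200 4821',
    '192.0.2.15 - - [11/Dec/2009:10:02:31 +0100] "POST /security/XAMPPSecurity.php HTTP/1.1" 200 5010',
    '198.51.100.7 - - [11/Dec/2009:10:05:00 +0100] "GET /security/xamppsecurity.php?x=1 HTTP/1.1" 403 1042',
    '198.51.100.7 - - [11/Dec/2009:10:05:02 +0100] "GET /index.php HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for client, method, status, served in audit(SAMPLE_LOG):
        print(f"{client} {method} {status} {'SERVED to remote client' if served else 'blocked'}")
```

Any finding with served set to True means the page is reachable from outside localhost and the credentials it manages should be treated as needing review.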

Exploit-DB raw data:

# Title: XAMPP 1.7.2 Change Administrative Password
# Date: 11/12/2009
# Author: bi0
# Software Link: http://www.apachefriends.org/en/xampp-windows.html
# Version: 1.7.2
# Tested on: Windows XP / Windows Vista
# CVE : ()

                ______     __     ______
               /\  == \   /\ \   /\  __ \
               \ \  __<   \ \ \  \ \ \/\ \
                \ \_____\  \ \_\  \ \_____\
                 \/_____/   \/_/   \/_____/


[#]----------------------------------------------------------------[#]
#
# [x] XAMPP 1.7.2 Change Administrative Password
# [x] Author : bi0
# [x] Contact : bukibv@hotmail.com
# [+] Download : http://www.apachefriends.org/en/xampp-windows.html
#
[#]----------------------------------------------------------------[#]
#
# [x] Exploit :
#
#   At the older versions of xampp "xamppsecurity.php" was allowed
#   only for localhost but at version 1.7.2 is accessible by all
#
#   http://example.com/security/xamppsecurity.php
#
#   And you can change the .htaccess user & pass and the phpMyAdmin pass
#
[#]----------------------------------------------------------------[#]

#EOF