Summary
This host is installed with XAMPP and is prone to an arbitrary file download vulnerability.
Impact
Successful exploitation will allow a remote attacker to manipulate the file and execute arbitrary script or HTML code.
Impact Level: Application
Solution
Upgrade to version 1.8.2 or later.
For updates refer to http://sourceforge.net/projects/xampp
Insight
The flaw is due to the /xampp/lang.php script not properly handling the WriteIntoLocalDisk method, i.e. granting write access to the lang.tmp file to unprivileged users.
Affected
XAMPP version 1.8.1. Prior versions may also be affected.
Detection
Send a crafted HTTP GET request and check whether it is able to write data into the local file or not.
References
CVE-2013-2586
Severity
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Classification
CVE: CVE-2013-2586