Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
XAMPP (File disclosure)
Posted by: the_storm
Date: January 12, 2011 04:35PM

Hey guys I have a website that contains XAMPP v 1.7.3 which according to this http://www.exploit-db.com/exploits/15370/ there is a File disclosure vulnerable and when I executed it. There is a vulnerable and I am able to view c:boot.ini and files in the XAMPP folder.. but there is an error when I try to read files except boot.ini or files out the XAMPP folder. For example,
When I read this one
http://www.site.com/xampp/showcode.php/c:xampp/htdocs/xampp/biorhythm.php?showcode=1

I get the code of the page correctly

but when I tried to read
http://www.site.com/xampp/showcode.php/C:Windows/System32/config/SAM?showcode=1

I got this error
Warning: file_get_contents(SAM) [function.file-get-contents]: failed to open stream: No such file or directory in C:\xampp\htdocs\xampp\showcode.php on line 10

and When I tried another file inside the C partition I get the same error again and again.

also when I try to read a file in the website .For example,

http://www.site.com/xampp/showcode.php/c:xampp/htdocs/su/susite/index.php?showcode=1

I got a source code of the index page of XAMPP application, and I don't get the index in the subfolder susite.. and I am sure that the path of the file is correct .. so the question now is What is the problem and how can I read all files ... I tried that the way of LFI for example if u r using LFI and u wannna read passwd file . u should do this ../../../../../etc/passwd
I tried the same technique but it failed/

The second question is.. the server that has Vulnerable Xampp application is a windows 2003 server ... I wanna now the files that contain the users and password to read it through the vulnerable for example, in linux it is passwd file. Isn't in Windows SAM file?

also this server has phpmyadmin application Webalizer
Mercury Mail
FileZilla FTP

I wanna know the path of the configuration file so i can read it and extract the password of phpmyadmin

That's all guys :). I know there are a lot if question but I don't have a perfect site except sla.ckers.org and Welcome back we missed u :)

Thank u guys un advance :)

Options: ReplyQuote
Re: XAMPP (File disclosure)
Posted by: Reiners
Date: January 13, 2011 08:19AM

the SAM file is correct, but you do not have the privileges to read it (yes sometimes this occurs even on windows ;)). More precisely you never can open the SAM file while the OS is running. however there may be an backup located here: C:/WINDOWS/repair/sam
Install phpmyadmin and FileZilla locally to see where the passwords are stored.

Options: ReplyQuote
Re: XAMPP (File disclosure)
Posted by: VMw4r3
Date: January 15, 2011 04:56PM

On winxp The Filezilla passwords are stored in plain text.

c:\Documents and Settings\%USERNAME%\Application Data\FileZilla\sitemanager.xml

And

c:\Documents and Settings\%USERNAME%\Application Data\FileZilla\recentservers.xml

On Windows 7.

C:\Users\%USERNAME%\AppData\Roaming\FileZilla\sitemanager.xml

And

C:\Users\%USERNAME%\AppData\Roaming\FileZilla\recentservers.xml



Edited 1 time(s). Last edit at 01/15/2011 05:00PM by VMw4r3.

Options: ReplyQuote
Re: XAMPP (File disclosure)
Posted by: Kyo
Date: January 15, 2011 08:43PM

there's a bunch of stuff you can do in XAMPP. You can also inject your own code in the language variable.

Options: ReplyQuote
Re: XAMPP (File disclosure)
Posted by: the_storm
Date: January 16, 2011 06:13AM

Kyo Wrote:
-------------------------------------------------------
> there's a bunch of stuff you can do in XAMPP. You
> can also inject your own code in the language
> variable.

Excuse me dude, could u explain more??

Options: ReplyQuote
Re: XAMPP (File disclosure)
Posted by: Net_Spy
Date: June 12, 2011 08:43AM

I have question reagarding xampp is there any way to bypass .htaccess . cause whem im tryint to access path /xampp it as me for password , sounds like folder if protected with .htaccess . hope to hear from you guys.


Regards
Net_Spy

Options: ReplyQuote


Sorry, only registered users may post in this forum.