Shulou(Shulou.com)05/31 Report--

How to carry out XAMPP arbitrary command execution to enhance the privilege vulnerability CVE-2020-11107 analysis, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

Introduction to 0x00

XAMPP is a site-building integration package, an easy-to-install Apache distribution that includes MySQL, PHP, and Perl. Similar to WampServer,phpstudy, it can run on Wndows, Linux, Mac OS, and other operations. XAMPP is really easy to install and use: just download, extract, start, and make it easy for penetration testers to build a variety of web environments.

Overview of 0x01 vulnerabilities

  found a problem in XAMPP 7.2.29 on Windows, 7.3.x before 7.3.16, and 7.4.x before 7.4.4. Non-privileged users can change the .exe configuration in xampp-contol.ini for all users (including administrators). When a malicious user modifies the configuration, the administrator will execute the code created by the malicious user when the administrator views the log through xampp.

0x02 affects version

Apache Friends XAMPP

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.