Shulou(Shulou.com)05/31 Report--

How to carry out XAMPP arbitrary command execution vulnerability CVE-2020-11107 analysis, many novices are not very clear about this, in order to help you solve this problem, the following small series will explain in detail for everyone, there are people who need this can learn, I hope you can gain something.

1. Introduction to vulnerabilities 1. Introduction to XAMPP

XAMPP (Apache+MySQL+PHP+PERL) is a powerful website building integration package. The original name of the package was LAMPP, but to avoid misunderstanding, the latest versions have been renamed XAMPP. It can be installed and used under Windows, Linux, Solaris, Mac OS X and other operating systems. It supports multiple languages: English, Simplified Chinese, Traditional Chinese, Korean, Russian, Japanese, etc. XAMPP is really easy to install and use: just download, unzip, and boot. This software is similar to phpstudy.

2. Causes of loopholes

Under Windows, XAMPP allows non-administrator accounts to access and modify the configuration of its editor and browser. The default configuration of the editor is notepad.exe. Once the configuration is modified, every user who can access the XAMPP control panel changes the configuration. When an attacker sets the editor value to a malicious.exe file or.bat file, and if an administrator account views apache log files through the XAMPP control panel, the malicious.exe file or.bat file can be executed to achieve arbitrary command execution.

3. Scope of influence

Apache Friends XAMPP

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.