Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE network
xampp
critical
nessus
exploit available
Published: 2007-04-18
Updated: 2017-10-11
Summary
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. Failed exploit attempts will likely crash the webserver, denying service to legitimate users. Additionally, this issue is remotely exploitable only if the installation is not secured as described in the manual.
Vulnerable Configurations
| Part | Description | Count |
| Application | Xampp | 1 |
Exploit-Db
| description | XAMPP for Windows <= 1.6.0a mssql_connect() Remote BoF Exploit. CVE-2007-2079,CVE-2007-2080. Remote exploit for windows platform |
| file | exploits/windows/remote/3738.php |
| id | EDB-ID:3738 |
| last seen | 2016-01-31 |
| modified | 2007-04-15 |
| platform | windows |
| port | 80 |
| published | 2007-04-15 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/3738/ |
| title | XAMPP for Windows <= 1.6.0a mssql_connect Remote BoF Exploit |
| type | remote |
Nessus
| NASL family | CGI abuses |
| NASL id | XAMPP_ADODB_MSSQL_CONNECT_OVERFLOW.NASL |
| description | The remote host is running XAMPP, an Apache distribution containing MySQL, PHP, and Perl. It is designed for easy installation and administration. The remote version of XAMPP includes a PHP interpreter that is affected by a buffer overflow involving calls to |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25117 |
| published | 2007-04-30 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25117 |
| title | XAMPP ADOdb mssql_connect Remote Buffer Overflow |