XAMPP for Windows 7.4.6 Exploit (Jun 2026)

XAMPP version 7.4.6 resolves the critical CVE-2020-11107 local privilege escalation vulnerability found in earlier versions. While 7.4.6 mitigates this flaw, users should still ensure proper configuration and hardening to avoid other potential vulnerabilities. Read the Apache Friends blog post on the vulnerability: "Security vulnerability in XAMPP for Windows".

Add a Windows Firewall rule to block public access to ports 80 and 3306 unless absolutely needed.

Configure Apache (httpd.conf) to listen solely to local traffic: Listen 127.0.0.1:80

By securing phpMyAdmin, setting a strong MySQL root password, and keeping your XAMPP installation updated, you can mitigate the risk of these common vulnerabilities.

The "746 exploit" works because Windows allows certain file writes. Run PowerShell as Admin:

A specially crafted HTTP/2 request can trigger memory corruption and crash the server, resulting in a Denial of Service.

XAMPP is an incredibly popular, open-source stack that allows developers to easily install Apache, MariaDB/MySQL, PHP, and Perl on their local machines. It is the go-to tool for turning a Windows PC into a local web server for development and testing.

The "746 exploit" context highlights the dangers of using development tools without proper security precautions. While XAMPP is a fantastic tool, it is not designed to be a secure production web server.

The issue resides in a simple configuration file named xampp-control.ini located in the XAMPP installation directory. This file defines startup parameters for the XAMPP Control Panel executable, including which text editor to use for viewing logs. The problem is that this file is writable by any user on the system, not just administrators.

XAMPP version 7

A working Proof-of-Concept (PoC) for this vulnerability is publicly available, making it a practical threat for systems that have not been patched.

This exploit is actively being used "in the wild" to deliver malware such as Gh0st RAT, RedTail cryptominers, and the Muhstik botnet.

2. Local Privilege Escalation (CVE-2020-11107)

The xampp-control.ini contains an entry for the text editor, which is set by default to notepad.exe. An attacker can modify this entry. For example, they can change it from Editor=notepad.exe to point to their own malicious executable, say: Editor=C:\Users\Public\malicious.bat or C:\path\to\shell.exe.
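As an added defensive check (not code from the original page or from Apache Friends), the PowerShell script below audits xampp-control.ini for the CVE-2020-11107 condition: it reports whether broad, low-privilege principals hold write rights on the file and what the Editor= entry currently points to. The default path C:\xampp and the list of principals treated as "broad" are assumptions.

```powershell
# Added check (not from the page): audit xampp-control.ini for the CVE-2020-11107 condition.
# Assumes the default XAMPP install path C:\xampp; pass -IniPath to override.
param(
    [string]$IniPath = 'C:\xampp\xampp-control.ini'
)

if (-not (Test-Path -LiteralPath $IniPath)) {
    Write-Warning "Not found: $IniPath"
    return
}

# Low-privilege principals that should never be able to write a file the
# Control Panel reads to decide which executable to launch (assumed list).
$broadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights is enough to change the Editor= entry.
$rights = [System.Security.AccessControl.FileSystemRights]
$writeMask = $rights::WriteData -bor $rights::AppendData -bor $rights::Write -bor
             $rights::Modify -bor $rights::FullControl

$acl = Get-Acl -LiteralPath $IniPath
$risky = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broadPrincipals -contains $_.IdentityReference.Value -and
    (([int]$_.FileSystemRights) -band [int]$writeMask) -ne 0
}

if ($risky) {
    Write-Host "VULNERABLE: $IniPath is writable by broad principals" -ForegroundColor Red
    $risky | ForEach-Object { '  {0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights }
    # Remediation (as Administrator): strip the broad write ACE and re-test the Control Panel, e.g.
    #   icacls "C:\xampp\xampp-control.ini" /inheritance:d /remove:g "BUILTIN\Users"
} else {
    Write-Host "OK: no broad principal holds write rights on $IniPath"
}

# Report what the Control Panel will launch as its log editor.
$editorLine = Get-Content -LiteralPath $IniPath |
    Where-Object { $_ -match '^\s*Editor\s*=' } | Select-Object -First 1
if (-not $editorLine) {
    Write-Host 'No Editor= entry found'
} elseif (($editorLine -split '=', 2)[1].Trim() -ieq 'notepad.exe') {
    Write-Host 'Editor entry is the default notepad.exe'
} else {
    Write-Warning ('Editor entry was changed to: ' + ($editorLine -split '=', 2)[1].Trim())
}
```

A changed Editor= value on an unpatched install is a strong indicator that the ini has already been tampered with, so treat that finding as an incident, not just a misconfiguration.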

Find this block:

An attacker scans the internet for exposed XAMPP installations. If they find one, they typically attempt to:

Many older XAMPP installations had weak or default credentials for WebDAV. Attackers can use tools like Metasploit to exploit these, upload a PHP payload, and gain unauthorized access.

A known vulnerability allowed attackers to create a payload that could be stored on the server and then executed to start a reverse shell against the target. This type of exploit can be executed via the Metasploit framework.
