Proof of Concept for Learning Management System Exploits

By: Johnny Watts
Created On: Fri, 19 Nov 2021 23:14:19 EST
Category: Articles

Online Learning Management System using PHP/MySQLi with Source Code

https://www.sourcecodester.com/php/7339/learning-management-system.html

Vulnerabilities Exploited:

While testing and confirming the above known exploits, security researcher Johnny Watts found an additional arbitrary file upload flaw in the "classroom materials" upload function. The researcher was able to upload a PHP command shell, which he used to gain further access to the target system. After some initial enumeration, the researcher quickly determined that there was a previously unknown flaw in XAMPP for Windows when Apache2 runs as a service with the default settings. The default settings run the Apache2 service as the privileged user "nt authority\system", which is a member of the "Builtin\Administrator" group. Because a shell runs as the user running the Apache2 server, a successful shell grants full administrative rights.

In the PoC video, Johnny Watts (also known by his hacker alias "Kaotick J") demonstrates the use of his custom shell code, The Not So Simple PHP Command Shell, to exploit each of the known flaws and to gain persistent control of the target system via the chain of flaws.

To prevent XAMPP for Windows from running the Apache2 Service with elevated privileges, Mr. Watts advises the following strategy:

"When installing the Apache2 Service from XAMPP, the Service will, by default, assign the logon user as the nt authority\system server admin account. To prevent the Apache2 Service from running with elevated rights, we should create a standard Windows user account, and assign the ownership of the htdocs folder to that standard user. Once the ownership has been changed, the new user should be given a password, and the Apache2 service should be set to run under the new user account."
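The steps quoted above, scripted in PowerShell as an added example (not from the original article or video), with an audit of the service account before and after the change. The service name `Apache2.4`, the path `C:\xampp\htdocs` and the account name `xampp-apache` are assumptions; adjust them to the installation.

```powershell
# Added example (not from the article). Run from an elevated PowerShell prompt.
# Assumed values: adjust to the local XAMPP installation.
$ServiceName = 'Apache2.4'        # assumed XAMPP Apache service name
$Htdocs      = 'C:\xampp\htdocs'  # assumed default install path
$Account     = 'xampp-apache'     # hypothetical account name

# Audit: which account does the service log on as right now?
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }
Write-Host "Before: $($svc.Name) runs as $($svc.StartName)"

# Create a standard user with a password; it is never added to Administrators.
$secure = Read-Host -AsSecureString "Password for $Account"
New-LocalUser -Name $Account -Password $secure -PasswordNeverExpires `
    -Description 'XAMPP Apache service account' | Out-Null
Add-LocalGroupMember -Group 'Users' -Member $Account

# Assign ownership of htdocs (recursively) to the new user.
icacls $Htdocs /setowner $Account /T /C | Out-Null

# Set the service logon account. sc.exe needs the clear-text password.
$plain = [System.Net.NetworkCredential]::new('', $secure).Password
sc.exe config $ServiceName obj= ".\$Account" password= $plain | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed ($LASTEXITCODE)." }
Remove-Variable plain

Restart-Service -Name $ServiceName

# Verify: the service must no longer run as LocalSystem, and the new
# account must not be a member of the local Administrators group.
$after = (Get-CimInstance Win32_Service -Filter "Name='$ServiceName'").StartName
$isAdmin = [bool](Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -like "*\$Account" })
if ($after -eq 'LocalSystem' -or $isAdmin) {
    throw "Service still privileged: StartName=$after, admin=$isAdmin"
}
Write-Host "After: $ServiceName runs as $after"
```

`sc.exe` does not grant the "Log on as a service" right, so if the restart fails with a logon error, grant that right to the account in Local Security Policy. Setting the account through the Services console (`services.msc`) grants it automatically.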

In this video, security researcher Johnny Watts demonstrates how to fix the issue of XAMPP's Apache2 Service running with elevated privileges.

DISCLAIMERS:

The target system in this demonstration is a Virtual Machine running on the researcher's own system. There is no unlawful activity in this video. The music in the video is from the Spotify public playlist "Hack the Box".

 
