CVE-2008-6498

XAMPP 1.6.8 - Cross-Site Request Forgery via xampppasswd Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6498. PoCs published by bi0, Michael Brooks.

AI-analyzed exploit summary This is a writeup describing an authentication bypass vulnerability in XAMPP 1.7.2 where the 'xamppsecurity.php' page is accessible remotely, allowing unauthorized password changes for .htaccess and phpMyAdmin.

Description

Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by bi0 · textwebappsphp

https://www.exploit-db.com/exploits/10391

View Code ZIP pw:eip

This is a writeup describing an authentication bypass vulnerability in XAMPP 1.7.2 where the 'xamppsecurity.php' page is accessible remotely, allowing unauthorized password changes for .htaccess and phpMyAdmin.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: XAMPP 1.7.2

No auth needed

Prerequisites: Network access to the XAMPP server · XAMPP 1.7.2 installed with default configuration

MITRE ATT&CK

T1110.001 - Password Guessing T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Michael Brooks · textremotewindows

https://www.exploit-db.com/exploits/7384

View Code ZIP pw:eip

This exploit leverages a combination of global variable manipulation and XSRF to bypass IP-based restrictions and change the administrative password for XAMPP's security directories. It exploits the use of `extract($_POST)` to overwrite the `$_SERVER[REMOTE_ADDR]` variable, allowing an attacker to spoof their IP address as 127.0.0.1.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: XAMPP 1.6.8

Auth required

Prerequisites: Authenticated session in the target browser · Access to the XAMPP security page

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7384

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32134

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47201

Scores

EPSS 0.0105

EPSS Percentile 59.7%

Details

CWE

CWE-352

Status published

Products (1)

apachefriends/xampp 1.6.8

Published Mar 20, 2009

Tracked Since Feb 18, 2026