CVE-2020-11107

This PowerShell script exploits a local privilege escalation vulnerability in XAMPP by modifying the xampp-control.ini file to replace a legitimate executable path with a malicious payload path. The exploit leverages improper file permissions to achieve arbitrary code execution with elevated privileges.

This repository provides a detailed writeup and proof-of-concept for CVE-2020-11107, a vulnerability in XAMPP on Windows that allows an unprivileged user to modify the xampp-control.ini configuration file to execute arbitrary commands with elevated privileges when an administrator accesses log files.

This is a writeup detailing CVE-2020-11107, a vulnerability in XAMPP on Windows where an unprivileged user can modify the xampp-control.ini configuration file to execute arbitrary commands with elevated privileges when an admin accesses log files via the control panel.

This repository contains a PowerShell script that exploits CVE-2020-11107, a local privilege escalation vulnerability in XAMPP on Windows. The exploit modifies the `xampp-control.ini` file to replace the default editor path with a malicious executable, which is executed with elevated privileges when triggered by an administrator.