# From XAMPP Control Panel -> Apache -> PHPInfo.php # Or check version files C:\xampp\apache\bin\httpd.exe -v C:\xampp\mysql\bin\mysql.exe -V C:\xampp\php\php.exe -v
You can find the exploit details and proof-of-concept (PoC) code on the following platforms: xampp for windows 7429 exploit link
The issue lies in how XAMPP handles the xampp-control.ini file. In vulnerable versions, an unprivileged user can modify this configuration file to point to a malicious .exe or .bat file. When an administrator later opens the XAMPP Control Panel, the malicious script is executed with their elevated privileges. # From XAMPP Control Panel -> Apache -> PHPInfo