MAMP servers allowing RCE vulnerability from the internet

tengeez
Posts: 1
Joined: Fri Jan 28, 2022 1:29 pm

Post by tengeez »

Hi

I just read about a pretty serious internet vulnerability affecting MAMP, even on your localhost without being exposed to the internet. I found out about it on https://octagon.net/blog/2022/01/26/mam ... mise-0day/

What seems to have happened (according to them) is that they tried to report the vulnerability but failed. I managed to reproduce the XSS vulnerability and used a different website to exploit my computer from the internet. This seems pretty serious to me, and the fix for it seems simple, so I don't know why it hasn't been done. Because now every person who uses MAMP on internet-connected devices is at risk, which worries me.

The vulnerability worked for me on all versions of PHP running on Apache, and on MAMP Pro and Cloud. I think we should all notify the MAMP team: we sometimes use our personal computers for debugging, or we use MAMP to admin remote websites, so it should be secure. My Mac has a lot of my personal things on it.

Thank you