WampServer
Apache, PHP, MySQL
on Windows
MySQL 5.7.42 and prior and 8.0.31 and prior reporting major vulnerabilities
Posted by:
ChrisRG
(129.205.129.---)
Date: November 24, 2023 11:09AM
Hi,
Disclaimer: i have no prior experience of this whole setup as it was set up by the previous IT manager and left without leaving any documentation.
Basically, our vulnerability management tool picked that there are multiple issues with Wampserver, Apache, PHPadmin and MySQL. I managed to upgrade Wampserver 32bit to version 3.3.1, PHP to 8.0.28 (Even though it is now complaining that it needs to be on V8.0.30), Apache to V2.4.57.1 and MySQL to V5.7.31. The main issue now is that from our vulnerability it says that MySQL 5.7.43 and prior and 8.0.34 and prior, 8.1.0 are affected by this vulnerability and the recommendation is to upgrade to the latest version of the Oracle MySQL server.
I checked the upgraded version for WampServer 32 bit but it only goes as far as 5.7.42 which is also vulnerable to this exploit.
I also saw that there's a discontinuation of 32bit support for Wampserver, is that correct? If so, how so then here are my questions:
1- How do you move from Wampserver 32 to 64 bit?
2- From PHPAdmin, how do you move the database from old MySQL version to a newer version? All I've been reading is about export and import but it doesn't really say where we differentiate version and make the new one default.
Your assistance and patience in sorting out this matter would greatly be appreciated.
Regards
Chris
Disclaimer: i have no prior experience of this whole setup as it was set up by the previous IT manager and left without leaving any documentation.
Basically, our vulnerability management tool picked that there are multiple issues with Wampserver, Apache, PHPadmin and MySQL. I managed to upgrade Wampserver 32bit to version 3.3.1, PHP to 8.0.28 (Even though it is now complaining that it needs to be on V8.0.30), Apache to V2.4.57.1 and MySQL to V5.7.31. The main issue now is that from our vulnerability it says that MySQL 5.7.43 and prior and 8.0.34 and prior, 8.1.0 are affected by this vulnerability and the recommendation is to upgrade to the latest version of the Oracle MySQL server.
I checked the upgraded version for WampServer 32 bit but it only goes as far as 5.7.42 which is also vulnerable to this exploit.
I also saw that there's a discontinuation of 32bit support for Wampserver, is that correct? If so, how so then here are my questions:
1- How do you move from Wampserver 32 to 64 bit?
2- From PHPAdmin, how do you move the database from old MySQL version to a newer version? All I've been reading is about export and import but it doesn't really say where we differentiate version and make the new one default.
Your assistance and patience in sorting out this matter would greatly be appreciated.
Regards
Chris
Re: MySQL 5.7.42 and prior and 8.0.31 and prior reporting major vulnerabilities
Posted by:
Otomatic
(Moderator)
Date: November 24, 2023 11:39AM
Hi,
> 1- How do you move from Wampserver 32 to 64 bit?
You can install Wampserver 3.3.2 64bit in addition to your Wampserver 32bit version, provided you never run both Wampserver 32 and 64 bit versions together. You can launch Wampserver 32bit, then when you've finished your operations, you must quit Wampserver 32bit before launching Wampserver 64bit.
> 2- From PHPAdmin, how do you move the database from old MySQL version to a newer version?
You need to export your databases in SQL files and then import the SQL files with the new version.
In any case, as you can keep Wampserver 32bit and Wampserver 64bit on the same machine, this makes testing easier and, if a transfer attempt doesn't work, nothing is lost as the original still exists.
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
> 1- How do you move from Wampserver 32 to 64 bit?
You can install Wampserver 3.3.2 64bit in addition to your Wampserver 32bit version, provided you never run both Wampserver 32 and 64 bit versions together. You can launch Wampserver 32bit, then when you've finished your operations, you must quit Wampserver 32bit before launching Wampserver 64bit.
> 2- From PHPAdmin, how do you move the database from old MySQL version to a newer version?
You need to export your databases in SQL files and then import the SQL files with the new version.
In any case, as you can keep Wampserver 32bit and Wampserver 64bit on the same machine, this makes testing easier and, if a transfer attempt doesn't work, nothing is lost as the original still exists.
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Re: MySQL 5.7.42 and prior and 8.0.31 and prior reporting major vulnerabilities
Posted by:
ChrisRG
(129.205.129.---)
Date: November 29, 2023 10:19AM
Hi,
@Otomatic thank you so much for your input.
I successfully installed WampServer64 on the same machine and also successfully imported the database from the previous system.
As i mentioned before, i'm really clued up when it comes to this setup as it was left behind by the previous IT manager, so i'm doing everything based on some research. At this point WampServer64 is running but now i need to able to browse to the same URL users browse to access the intranet when WampServer32 is running.
So, i manually copied the content of "C:\Wamp\www" to "C:\Wamp\www" including a file called ".htaccess", then i restarted the Wamp services. When i browse [localhost];, with "Intranet" being the name of the database i get these errors about access denied.
"( ! ) Fatal error: Uncaught mysqli_sql_exception: Access denied for user 'root'@'localhost' (using password: YES) in C:\wamp64\www\VFMIntranet\wp-includes\wp-db.php on line 1656"
"( ! ) mysqli_sql_exception: Access denied for user 'root'@'localhost' (using password: YES) in C:\wamp64\www\VFMIntranet\wp-includes\wp-db.php on line 1656"
Then i gives some information in the Call stack table. Do i need to export the users account from the PHPAdmin on wamp32 and import it into the 64 in order to be able to browse?
@Otomatic thank you so much for your input.
I successfully installed WampServer64 on the same machine and also successfully imported the database from the previous system.
As i mentioned before, i'm really clued up when it comes to this setup as it was left behind by the previous IT manager, so i'm doing everything based on some research. At this point WampServer64 is running but now i need to able to browse to the same URL users browse to access the intranet when WampServer32 is running.
So, i manually copied the content of "C:\Wamp\www" to "C:\Wamp\www" including a file called ".htaccess", then i restarted the Wamp services. When i browse [localhost];, with "Intranet" being the name of the database i get these errors about access denied.
"( ! ) Fatal error: Uncaught mysqli_sql_exception: Access denied for user 'root'@'localhost' (using password: YES) in C:\wamp64\www\VFMIntranet\wp-includes\wp-db.php on line 1656"
"( ! ) mysqli_sql_exception: Access denied for user 'root'@'localhost' (using password: YES) in C:\wamp64\www\VFMIntranet\wp-includes\wp-db.php on line 1656"
Then i gives some information in the Call stack table. Do i need to export the users account from the PHPAdmin on wamp32 and import it into the 64 in order to be able to browse?
Re: MySQL 5.7.42 and prior and 8.0.31 and prior reporting major vulnerabilities
Posted by:
Otomatic
(Moderator)
Date: November 29, 2023 03:46PM
Hi,
> Do i need to export the users account from the PHPAdmin on wamp32 and import it into the 64 in order to be able to browse?
The above errors indicate that "yes", you need to export and then import the users and their associated passwords.
You should find the same information in the Users tabs of PhpMyAdmin in both Wampserver versions.
But, from what I've just seen, the passwords are not exported!
So I think you'll have to create them in a MySQL console using the following instructions:
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
> Do i need to export the users account from the PHPAdmin on wamp32 and import it into the 64 in order to be able to browse?
The above errors indicate that "yes", you need to export and then import the users and their associated passwords.
You should find the same information in the Users tabs of PhpMyAdmin in both Wampserver versions.
But, from what I've just seen, the passwords are not exported!
So I think you'll have to create them in a MySQL console using the following instructions:
# MySQL 8 - Change user password ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password'; ALTER USER IF EXISTS 'root'@'127.0.0.1' IDENTIFIED BY 'new_password'; ALTER USER IF EXISTS 'root'@'::1' IDENTIFIED BY 'new_password'; FLUSH PRIVILEGES;I think the password(s) are in the WP configuration file in Wampserver 32bit.
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Sorry, only registered users may post in this forum.
