spacer spacer
spacer

huge webdav security hole in xampp / xampp lite
31.12.2010


xampp and xampp lite - even in the newest version come with webdav enabled and a default password being set, this is a huge security flaw, since anybody can easily upload malicious files to the server and even execute them trough php, so either disable webdav if you do not need it,
or change the user in x:/xampp/security/webdav.htpasswd

I have no idea why they do that, and even in their security settings they do not show it as a security flaw, which it obviously is, as it is basically the same as leaving an ftp open to anonymous write access.
text added.
Vienna @ -1,0 °C [4,6m/s]
this site was rendered in 0.63724 seconds with a total # of 13 754 627 sites so far.
669621 of which came from registered users. Impressum @ u2.hax.at