spacer spacer

huge webdav security hole in xampp / xampp lite

xampp and xampp lite - even in the newest version come with webdav enabled and a default password being set, this is a huge security flaw, since anybody can easily upload malicious files to the server and even execute them trough php, so either disable webdav if you do not need it,
or change the user in x:/xampp/security/webdav.htpasswd

I have no idea why they do that, and even in their security settings they do not show it as a security flaw, which it obviously is, as it is basically the same as leaving an ftp open to anonymous write access.
text added.
Vienna @ 27,3 °C [5,7m/s]
this site was rendered in 0.16492 seconds with a total # of 20 626 724 sites so far.
675295 of which came from registered users. Impressum @