Security Serious vulnerability on XAMPP - Everyone using XAMPP, please read this!

hans henrik

Who runs Apache under root? Windows XAMPP users that don't know wtf they're doing.
Who runs IIS under root? Since... some update (check Wikipedia for more info), Microsoft made IIS switch to its own limited account automatically.. (like apache2 does under most Linux distros since forever... check the members of www-data)
 
OP
Delirium

> Who runs Apache under root? Windows XAMPP users that don't know wtf they're doing.
> Who runs IIS under root? Since... some update (check Wikipedia for more info), Microsoft made IIS switch to its own limited account automatically.. (like apache2 does under most Linux distros since forever... check the members of www-data)

Since when does Windows have root?
 

Edi8th99

This has been known for a few years (maybe not within the OT community).
But thanks for sharing this with the community, making people realize maybe they aren't as safe as they believe.




 

Milice

zzzz

> Greetings OTLand members.
>
> It has come to my attention that XAMPP comes with a security flaw which is exploited through the use of the WebDAV (C:/xampp/webdav) folder. A hacker could upload scripts with malicious code onto your website (a shell for instance or a DoS script), thus gaining full access to the website's files and sometimes on the entire server. Since TFS users have their database credentials in config.lua this, by extension, could give the hacker root access to the database of the victim.
>
> The results of such an attack are serious and it could turn your server into a zombie, mess with your server's database (creating god accounts for instance), getting your server's scripts/modifications/configuration etc. or deface your website.
>
> I won't describe how to exploit this vulnerability and I will go straight into giving you the solution.
>
> Please visit this link to learn how to secure your XAMPP: Apache Friends Support Forum - WebDAV security flaw solution
>
> Yours,
> Delirium.
>
> P.S: Feel free to PM me if you need assistance.
Nice one, but kind of a buzzkill =( To be honest, not to be a btch or something, but ppl should learn for themselves; nowadays 99% of all OT-hosters are fcking noobs who have no knowledge at all.. Guess my noobpwning days are soon to be over >.> xD
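
A defensive check for the exposure described in the quoted post, as an added example that is not part of the thread: it scans Apache configuration text for active WebDAV directives so an administrator can see whether the C:/xampp/webdav folder is still being served. The sample configuration is constructed, and it is an assumption that WebDAV is enabled through the standard mod_dav directives (LoadModule, Include, Dav On) in httpd.conf or an included file.

```python
import re

# Constructed sample resembling an Apache httpd.conf with WebDAV left enabled.
# Only the C:/xampp/webdav path comes from the post; the rest is illustrative.
SAMPLE_CONF = """\
ServerRoot "C:/xampp/apache"
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
Include conf/extra/httpd-dav.conf
<Directory "C:/xampp/webdav">
    Dav On
    Require all granted
</Directory>
<Directory "C:/xampp/htdocs">
    Options Indexes
</Directory>
"""

def audit_webdav(conf_text):
    """Return (line_no, finding) pairs for active WebDAV-related directives."""
    findings = []
    section = None  # path of the <Directory>/<Location> block we are inside
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are inactive
        m = re.match(r'<(Directory|Location)\s+"?([^">]+)"?\s*>', line, re.I)
        if m:
            section = m.group(2)
        elif re.match(r"</(Directory|Location)>", line, re.I):
            section = None
        elif re.match(r"LoadModule\s+dav\w*_module\b", line, re.I):
            findings.append((no, "module loaded: " + line.split()[1]))
        elif re.match(r"Include(Optional)?\s+\S*dav\S*", line, re.I):
            findings.append((no, "dav config included: " + line.split()[1]))
        elif re.match(r"Dav\s+(?!Off\b)\S+", line, re.I):
            findings.append((no, "Dav enabled for: " + (section or "server-wide")))
    return findings

if __name__ == "__main__":
    for no, finding in audit_webdav(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```

An empty result means no active WebDAV directive was found in the text that was scanned; files pulled in by Include lines have to be passed through the same function separately.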
 