Greetings OTLand members.
It has come to my attention that XAMPP comes with a security flaw which is exploited through the use of the WebDAV (C:/xampp/webdav) folder. A hacker could upload scripts with malicious code onto your website (a shell for instance or a DoS script), thus gaining full access to the website's files and sometimes to the entire server. Since TFS users have their database credentials in config.lua, this, by extension, could give the hacker root access to the database of the victim.
The results of such an attack are serious: it could turn your server into a zombie, mess with your server's database (creating god accounts for instance), get your server's scripts/modifications/configuration etc., or deface your website.
I won't describe how to exploit this vulnerability and I will go straight into giving you the solution.
Please visit this link to learn how to secure your XAMPP: Apache Friends Support Forum - WebDAV security flaw solution
Or alternatively you can change the password of WebDAV in this file: /xampp/security/webdav.htpasswd
Yours,
Delirium.
P.S: Feel free to PM me if you need assistance.
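To find which folders on a server have WebDAV switched on and which password file guards each one, an Apache configuration can be scanned for `Dav` directives. The script below is an added example, not part of the original post or of XAMPP; the function names `audit_webdav` and `unprotected` and the sample configuration are constructed for illustration, and nested sections such as `<LimitExcept>` are not handled separately.

```python
import re
# Constructed sample config for illustration; not copied from a real XAMPP install.
SAMPLE_CONF = '''
<Directory "C:/xampp/webdav">
    Dav On
    AuthUserFile "C:/xampp/security/webdav.htpasswd"
    Require valid-user
</Directory>
<Directory "C:/xampp/htdocs/uploads">
    # Dav Off
    Dav On
</Directory>
<Directory "C:/xampp/htdocs">
    Options Indexes
</Directory>
'''

OPEN = re.compile(r'<(?:Directory|Location)\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</(?:Directory|Location)\s*>', re.I)

def audit_webdav(conf_text):
    """Return one dict per <Directory>/<Location> block that enables WebDAV."""
    findings, block = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        m = OPEN.match(line)
        if m:
            block = {"path": m.group(1).strip(), "dav": False,
                     "auth_file": None, "require": False}
        elif CLOSE.match(line):
            if block and block["dav"]:
                findings.append(block)
            block = None
        elif block is not None:
            parts = line.split(None, 1)
            name = parts[0].lower()
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            if name == "dav":              # "Dav On" or a provider name enables it
                block["dav"] = value.lower() != "off"
            elif name == "authuserfile":   # the password file to change
                block["auth_file"] = value
            elif name == "require":        # "all granted" is no protection
                block["require"] = value.lower() != "all granted"
    return findings

def unprotected(findings):
    # WebDAV paths that lack a password file or a restricting Require line
    return [f["path"] for f in findings if not (f["auth_file"] and f["require"])]
```

A block that does list a password file is only as safe as the password stored in it, so that file still needs a password other than the one XAMPP shipped with.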