Jump to content
The Uniform Server Community
vimpir

security problem..

Recommended Posts

i have a problem.

if i try to connect my server from "xp my web folders", don't ask password and direct connect to root.

 

write in the RUN

 

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

 

and right click, new, web folder, write domain and connect(full access)

 

what can i do it?

Share this post


Link to post
Share on other sites

You're telling us that you were able to gain full access to Uniform Server's DocumentRoot without the need of a password, right?

 

If no, then please provide more information.

 

If yes, this problem probably has something to do with mod_dav being enabled by default. To solve this, make sure Uniform Server is running, then open W:\usr\local\apache2\conf\httpd.conf with notepad and search for "LoadModule dav_module modules/mod_dav.so". Comment that line (by adding # in front of it), it should now read "#LoadModule dav_module modules/mod_dav.so". Restart Uniform Server and try to gain access to Uniform Server with the method you mentioned above, you shouldn't be able to do it now.

 

Hope that helps :)

Edited by MrX

Share this post


Link to post
Share on other sites

I told Olajide about this mod_dav security flaw after AlleyKat's PC was "hacked", but he didn't fix it :|

 

But I guess we can't blame him, considering how busy he is :)

 

Anyway, if you don't need mod_dav or don't know what it does, then you'd better disable it with the instructions posted above. For those of you who really need (can't live without) mod_dav, you should protect it with a password, instructions on how to do that can be found at the mod_dav FAQ.

Edited by MrX

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...