Jump to content
The Uniform Server Community

security problem..


vimpir
 Share

Recommended Posts

i have a problem.

if i try to connect my server from "xp my web folders", don't ask password and direct connect to root.

 

write in the RUN

 

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

 

and right click, new, web folder, write domain and connect(full access)

 

what can i do it?

Link to comment
Share on other sites

You're telling us that you were able to gain full access to Uniform Server's DocumentRoot without the need of a password, right?

 

If no, then please provide more information.

 

If yes, this problem probably has something to do with mod_dav being enabled by default. To solve this, make sure Uniform Server is running, then open W:\usr\local\apache2\conf\httpd.conf with notepad and search for "LoadModule dav_module modules/mod_dav.so". Comment that line (by adding # in front of it), it should now read "#LoadModule dav_module modules/mod_dav.so". Restart Uniform Server and try to gain access to Uniform Server with the method you mentioned above, you shouldn't be able to do it now.

 

Hope that helps :)

Edited by MrX
Link to comment
Share on other sites

I told Olajide about this mod_dav security flaw after AlleyKat's PC was "hacked", but he didn't fix it :|

 

But I guess we can't blame him, considering how busy he is :)

 

Anyway, if you don't need mod_dav or don't know what it does, then you'd better disable it with the instructions posted above. For those of you who really need (can't live without) mod_dav, you should protect it with a password, instructions on how to do that can be found at the mod_dav FAQ.

Edited by MrX
Link to comment
Share on other sites

  • 5 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...