Metasploit mailing list archives

Re: Many "Xampp for Windows"-Versions using well known default PW for WebDAV-Service


From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Thu, 1 Jul 2010 09:35:33 -0500

On Wed, Jun 30, 2010 at 01:24:29PM +0200, Oliver Kleinecke wrote:
Hello Metasploit-Team & Users,

while securing a tinier network, I fell over a massively spread
default-PW for the WebDAV-Service of XAMPP for Windows. Since the
[...]

I do know that there are some really nice modules available for
WebDAV, but they are mostly focussed on IIS & ASP, bypassing the
required auth. Perhaps this one is interesting enough to integrate it
to the current modules or to make a separate module for it? Nearly any
version from XAMPP 1.6.8 to 1.7.x is affected. I'm afraid I am pretty
busy right now, but if you agree that this is as severe as I think it
is, I will try to write a module myself, though anyone else could
write it a lot better/quicker than me, I suppose.
[...]

Oliver,

We are certainly interested in this issue. I have created ticket #2170
to track this issue. If anyone works on the issue, that should be the
place for further coordination, etc.

-- 
Joshua J. Drake


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
