Metasploit mailing list archives
Re: Many "Xampp for Windows"-Versions using well known default PW for WebDAV-Service
From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Thu, 1 Jul 2010 09:35:33 -0500
On Wed, Jun 30, 2010 at 01:24:29PM +0200, Oliver Kleinecke wrote:
Hello Metasploit-Team & Users, while securing a tinier network, I fell over a massively spreaded default-PW for the WebDAV-Service of XAMPP for Windows. Since the
[...]
I do know, that there are some really nice modules available for
WebDAV, but they are mostly focussed on IIS & ASP, bypassing the
required auth. Perhaps this one is interesting enough to integrate it to the current modules or to make a separate module for it? Nearly any Version from XAMPP 1.6.8 to 1.7.x is affected. I`m afraid I am pretty busy right now, but if you agree that this is as severe as I think it is, I will try to write a module myself, though anyone else could write it a lot better/quicker than me, I suppose.
[...] Oliver, We are certainly interested in this issue. I have created ticket #2170 to track this issue. If anyone works on the issue, that should be the place for further coordination, etc. -- Joshua J. Drake
Attachment:
_bin
Description:
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Re: Many "Xampp for Windows"-Versions using well known default PW for WebDAV-Service Joshua J. Drake (Jul 01)