Cyber Security Forum

Cyber Security Forum (https://cybsec.info/index.php)
-   Tutorials (https://cybsec.info/forumdisplay.php?f=49)
-   -   [How To] Website Security/Optimize Peformance [Important] (https://cybsec.info/showthread.php?t=8174)

Newer 05-21-2015 01:20 PM
[How To] Website Security/Optimize Peformance [Important]
 
-------
Exploit #1 (WebDav)
-------

How do I know if this could apply to me?
Your website and/or website is hosted on your computer, vps, or dedicated server.
To host your server you're using any of the following web servers; XAMPP, WAMPP.
You have apache running on your computer, vps, or dedicated server.

How do I check if this applies to me?

Go to the start menu on your computer, find "Computer". Right click and press "Map Network Drive". For the folder location, enter "http://yourwebsiteorip.com/webdav/". If it connects, and shows a login screen, you're vulnerable to this.

Go to "http://yourwebsiteorip.com/webdav/" in your web browser. If a webdav test page pops up, you're vulnerable to this unless you already did the guide to fix it (suggested you do the top test to be sure).

How do I fix this?

Go into the XAMPP folder located in C:\XAMPP\. Go into apache > conf > extra > httpd-dav.conf (open that file).

Find the following line:

Code:
<Directory "C:/xampp/webdav">
Dav On

Order Allow,Deny
Allow from all
Replace it with the following line:

Code:
<Directory "C:/xampp/webdav">
Dav Off

Order Deny,Allow
Deny from all
Once you've saved the changes, restart your web server and you're set to go.


All times are GMT. The time now is 08:05 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
vB.Sponsors

Cybe security forum, cyber site forum, cyber forum, vendor, emv software, emv chip writer, cyber tutorial, online shop