metasploit-framework July 2010 archive

Re: [framework] Many "Xampp for Windows"-Versions using well known default PW for WebDAV-Service

From: Joshua J. Drake <jdrake_at_nospam>
Date: Thu Jul 01 2010 - 14:35:33 GMT
To: Oliver Kleinecke <>

On Wed, Jun 30, 2010 at 01:24:29PM +0200, Oliver Kleinecke wrote:
> Hello Metasploit-Team & Users,
> while securing a tinier network, I fell over a massively spread
> default-PW for the WebDAV-Service of XAMPP for Windows. Since the
> I do know that there are some really nice modules available for
> WebDAV, but they are mostly focussed on IIS & ASP, bypassing the
> required auth. Perhaps this one is interesting enough to integrate it
> into the current modules or to make a separate module for it? Nearly any
> version from XAMPP 1.6.8 to 1.7.x is affected. I'm afraid I am pretty
> busy right now, but if you agree that this is as severe as I think it
> is, I will try to write a module myself, though anyone else could
> write it a lot better/quicker than me, I suppose.


We are certainly interested in this issue. I have created ticket #2170
to track this issue. If anyone works on the issue, that should be the
place for further coordination, etc.

-- Joshua J. Drake