-------
exploit #1 (webdav)
-------

how do i know if this could apply to me?
your website is hosted on your computer, vps, or dedicated server.
to host your server you're using any of the following web servers: xampp, wampp.
you have apache running on your computer, vps, or dedicated server.

how do i check if this applies to me?

open the start menu on your computer and find "computer". right-click it and press "map network drive". for the folder location, enter "http://yourwebsiteorip.com/webdav/". if it connects and shows a login screen, you're vulnerable to this.

go to "http://yourwebsiteorip.com/webdav/" in your web browser. if a webdav test page pops up, you're vulnerable to this unless you already followed the guide below to fix it (doing the first test as well is suggested, to be sure).

how do i fix this?

go into the xampp folder located at c:\xampp\, then apache > conf > extra, and open httpd-dav.conf.

find the following lines:

code:
<directory "c:/xampp/webdav">
dav on

order allow,deny
allow from all

replace them with the following lines:

code:
<directory "c:/xampp/webdav">
dav off

order deny,allow
deny from all

once you've saved the changes, restart your web server and you're set to go.
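
to confirm the edit took effect without relying on the browser test, here is a small config check, added as an example and not part of the original guide. it only understands the directives shown above (dav, allow from all, deny from all); the function names and the second sample block are made up for illustration.

```python
import re

# constructed sample: the block from this guide before the fix, then a
# second, hypothetical block that has already been locked down
SAMPLE_CONF = '''
<Directory "C:/xampp/webdav">
    Dav On
    Order Allow,Deny
    Allow from all
</Directory>
<Directory "C:/xampp/locked">
    Dav Off
    Order Deny,Allow
    Deny from all
</Directory>
'''

OPEN_TAG = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.I)
CLOSE_TAG = re.compile(r'</Directory\s*>', re.I)

def audit_dav(conf_text):
    """Return one dict per <Directory> block: path, dav state, open access."""
    findings, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # skip blank lines and comments
        opened = OPEN_TAG.match(line)
        if opened:
            current = {'path': opened.group(1), 'dav': False, 'open': False}
        elif CLOSE_TAG.match(line) and current:
            findings.append(current)
            current = None
        elif current is not None:
            words = line.lower().split()
            if words[0] == 'dav' and len(words) > 1:
                current['dav'] = words[1] != 'off'  # "on" or a provider name enables dav
            elif words[1:3] == ['from', 'all'] and words[0] in ('allow', 'deny'):
                # simplification: assumes only one of allow/deny from all per block
                current['open'] = words[0] == 'allow'
    if current:
        findings.append(current)  # excerpt ended without </Directory>
    return findings

def exposed(conf_text):
    """Paths where dav is enabled and access is allowed from all."""
    return [f['path'] for f in audit_dav(conf_text) if f['dav'] and f['open']]
```

pass it the text of your httpd-dav.conf; an empty list from exposed() means no directory in that file still has dav on with access open to everyone.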