| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 09 Dec 2004 21:19:47 +0100 From: Rafael San Miguel Carrasco <smcsoc@...oo.es> To: bugtraq@...urityfocus.com Subject: Re: Multiple Vulnerabilities in paFileDB 3.1 I don't think this issue can be considered a vulnerability in paFileDB. It's rather about Apache indexing the content of a web directory. This is a misconfiguration issue in your httpd.conf. Note that paFileDB is doing things right: it builds secure filenames (since they cannot be guessed by trial-error in a reasonable amount of time). Hope this helps, Rafael San Miguel Carrasco >Scenario : > >* admin (dudul) log in to manage the site at >http://URL/pafiledb/pafiledb.php?action=admin ,then the session is recorded in >sessions directory > >+ attacker access the directory directly and see the "sessions" (in a same time) > >Exploit: http://URL/pafiledb/sessions/[sessionfile] > ------------------------------- Rafael San Miguel Carrasco Consultor Técnico rafael.sanmiguel@....es + 34 660 856 647 + 34 902 464 546 Davinci Consulting - www.dvc.es Oficina Madrid - Parque empresarial Alvento Via de los Poblados 1 Edificio A 6ª planta 28033 Madrid -------------------------------
Powered by blists - more mailing lists