From: Joe Luna (joeluna@socal.rr.com)
Date: Tue Jan 07 2003 - 20:29:55 EST
While doing a web server audit I came across a backup copy of my clients
httpd.conf file. There is a password protected directory in the conf
file (see below) my question is how do I use this information to gain
further access to the server? I can see the host and DB name as well as
the username/password which I'm assuming is some sort of administrative
account.
What I'm not sure of is the type of database or even how to connect
using the credentials gained from the conf file.
Any pointers?
<Location /accounting>
AuthName DBI
AuthType Basic
PerlAuthenHandler Apache::AuthDBI::authen
PerlAuthzHandler Apache::AuthDBI::authz
PerlSetVar Auth_DBI_data_source dbi:Pg:dbname=main;host=client.com
PerlSetVar Auth_DBI_username username
PerlSetVar Auth_DBI_password password
PerlSetVar Auth_DBI_pwd_table users
PerlSetVar Auth_DBI_uid_field username
PerlSetVar Auth_DBI_pwd_field password
require valid-user
</Location>
Regards,
Joe
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT