Re: PerlModule Apache::AuthDBI

From: Jamie Lawrence (jal@lorenza.abulafia.com)
Date: Wed Jan 08 2003 - 18:08:43 EST


On Tue, 07 Jan 2003, Joe Luna wrote:

> While doing a web server audit I came across a backup copy of my clients
> httpd.conf file. There is a password protected directory in the conf
> file (see below) my question is how do I use this information to gain
> further access to the server? I can see the host and DB name as well as
> the username/password which I'm assuming is some sort of administrative
> account.
>
> What I'm not sure of is the type of database or even how to connect
> using the credentials gained from the conf file.
>
> Any pointers?
 

This is a Postgres database. (that is determined by the dbi connect
string - see the 'Pg'?)

Assuming you have the postgres client on a local machine, you can try
logging in to it doing something like

psql -d main -h client.com -U username -W

Odds are that won't work, assuming a competent admin. Postgres has the
notion of "host based access" that's defined in a config file (that
lives in various places under different OSes, under Debian, for
instance, it is /etc/postgres/hba.conf), which controls, well, host
based access.

So, if you can get a shell on the apache server box, you can get database
access with the privileges of the web server UID.

Further poking around at things might require "man DBI::Pg" (assuming
you have that perl module installed), "man postmaster", and "man psql"
(both of those come from a postgres full install). Also very useful for
postgres' flavor of SQL is http://www.commandprompt.com/ppbook/, and the
O'Reilly books _Programming the Perl DBI_ and _Apache Modules in Perl and
C_ (or something similar) are useful for understanding mod_perl and perl
database handling.

In general Postgres is a fairly solid database. Security-wise, it is
hard to find problems with the database itself. People frequently write
code that leaves you lots of opportunities on the front-end, however.

Hope this helps, good luck.

-j

 
> <Location /accounting>
> AuthName DBI
> AuthType Basic
> PerlAuthenHandler Apache::AuthDBI::authen
> PerlAuthzHandler Apache::AuthDBI::authz
> PerlSetVar Auth_DBI_data_source dbi:Pg:dbname=main;host=client.com
> PerlSetVar Auth_DBI_username username
> PerlSetVar Auth_DBI_password password
> PerlSetVar Auth_DBI_pwd_table users
> PerlSetVar Auth_DBI_uid_field username
> PerlSetVar Auth_DBI_pwd_field password
> require valid-user
> </Location>
>
>
> Regards,
> Joe

-- 
Jamie Lawrence                                        jal@jal.org
"The more corrupt the state, the more numerous the laws"
   - Tacitus
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
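The two points Jamie makes above (the `Pg` in the DBI data source tells you the database product and connection parameters, and pg_hba.conf decides whether those credentials work from where you are sitting) can be shown end to end. The following is an added example, not code from the thread or from Apache::AuthDBI or PostgreSQL: it pulls the `PerlSetVar` directives Joe quoted apart, builds the psql invocation, and evaluates a constructed pg_hba.conf the way PostgreSQL does (first matching rule wins). The addresses 192.0.2.10 (the web server) and 198.51.100.7 (an outside host), the port, and the pg_hba.conf rules are assumptions made for the example.

```python
"""Added example: parse an Apache::AuthDBI block, derive the database
connection, and check a (constructed) pg_hba.conf for two client hosts."""
import ipaddress
import re

# The Apache::AuthDBI directives exactly as quoted in the thread.
HTTPD_CONF = """
<Location /accounting>
AuthName DBI
AuthType Basic
PerlAuthenHandler Apache::AuthDBI::authen
PerlAuthzHandler Apache::AuthDBI::authz
PerlSetVar Auth_DBI_data_source dbi:Pg:dbname=main;host=client.com
PerlSetVar Auth_DBI_username username
PerlSetVar Auth_DBI_password password
PerlSetVar Auth_DBI_pwd_table users
PerlSetVar Auth_DBI_uid_field username
PerlSetVar Auth_DBI_pwd_field password
require valid-user
</Location>
"""

# Constructed pg_hba.conf (assumption): the admin only lets the web server's
# own address and local socket connections in; everything else is rejected.
PG_HBA = """
# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       all                        md5
host    main      username  192.0.2.10/32    md5
host    all       all       0.0.0.0/0        reject
"""


def parse_perl_set_vars(conf):
    """Return {name: value} for every PerlSetVar directive in the text."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"^\s*PerlSetVar\s+(\S+)\s+(.+?)\s*$", conf, re.M)}


def parse_dsn(dsn):
    """Split 'dbi:<Driver>:key=val;key=val' into the DBD driver name and its
    attributes. The driver (here Pg, i.e. DBD::Pg) identifies the product."""
    scheme, driver, rest = dsn.split(":", 2)
    if scheme.lower() != "dbi":
        raise ValueError("not a DBI data source: %r" % dsn)
    attrs = {}
    for part in rest.split(";"):
        if part:
            key, _, value = part.partition("=")
            attrs[key] = value
    return driver, attrs


def connection_info(conf):
    """Everything needed to reach the database that backs the auth handler."""
    v = parse_perl_set_vars(conf)
    driver, attrs = parse_dsn(v["Auth_DBI_data_source"])
    return {
        "driver": driver,
        "dbname": attrs.get("dbname"),
        "host": attrs.get("host", "localhost"),
        "port": int(attrs.get("port", 5432)),  # 5432 is the PostgreSQL default
        "user": v["Auth_DBI_username"],
        "password": v["Auth_DBI_password"],
        "pwd_table": v["Auth_DBI_pwd_table"],  # the table the web auth reads
    }


def psql_argv(info):
    """psql command line. -W only forces a password prompt; supply the
    password via PGPASSWORD or ~/.pgpass instead of on the command line."""
    if info["driver"] != "Pg":
        raise ValueError("psql only applies to DBD::Pg data sources")
    return ["psql", "-h", info["host"], "-p", str(info["port"]),
            "-U", info["user"], "-d", info["dbname"]]


def parse_pg_hba(text):
    """Parse local/host/hostssl/hostnossl lines (keywords beyond 'all',
    such as 'sameuser' or '+group', are not handled in this example)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local":
            rules.append(("local", f[1], f[2], None, f[3]))
        elif f[0] in ("host", "hostssl", "hostnossl"):
            rules.append((f[0], f[1], f[2], ipaddress.ip_network(f[3]), f[4]))
    return rules


def hba_method(rules, dbname, user, client_ip=None):
    """First matching rule wins, as in PostgreSQL. client_ip=None means a
    Unix-socket connection. 'no-match' means PostgreSQL would refuse."""
    for typ, db, usr, net, method in rules:
        if client_ip is None and typ != "local":
            continue
        if client_ip is not None and (typ == "local" or
                                      ipaddress.ip_address(client_ip) not in net):
            continue
        if db != "all" and db != dbname:
            continue
        if usr != "all" and usr != user:
            continue
        return method
    return "no-match"


if __name__ == "__main__":
    info = connection_info(HTTPD_CONF)
    rules = parse_pg_hba(PG_HBA)
    print("driver:", info["driver"], "->", " ".join(psql_argv(info)))
    for who, ip in (("outside host", "198.51.100.7"), ("web server", "192.0.2.10")):
        print(who, ip, hba_method(rules, info["dbname"], info["user"], ip))
```

Run against the quoted block this reports `Pg`, a psql invocation for `username` on `main` at `client.com`, `reject` for the outside host and `md5` for the web server's address, which is exactly the case Jamie describes: the credentials are the same, only the source address differs, so a shell on the Apache box is what turns the leaked password into database access.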


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT