Re: PerlModule Apache::AuthDBI

From: Jamie Lawrence (jal@lorenza.abulafia.com)
Date: 01/09/03

    Date: Wed, 8 Jan 2003 18:08:43 -0500
    From: Jamie Lawrence <jal@lorenza.abulafia.com>
    To: Joe Luna <joeluna@socal.rr.com>
    
    

    On Tue, 07 Jan 2003, Joe Luna wrote:

    > While doing a web server audit I came across a backup copy of my clients
    > httpd.conf file. There is a password protected directory in the conf
    > file (see below) my question is how do I use this information to gain
    > further access to the server? I can see the host and DB name as well as
    > the username/password which I'm assuming is some sort of administrative
    > account.
    >
    > What I'm not sure of is the type of database or even how to connect
    > using the credentials gained from the conf file.
    >
    > Any pointers?
     

    This is a Postgres database. (That is determined by the DBI connect
    string - see the 'Pg'?)

    Assuming you have the postgres client on a local machine, you can try
    logging in to it doing something like

    psql -d main -h client.com -U username -W

    Odds are that won't work, assuming a competent admin. Postgres has the
    notion of "host based access" that's defined in a config file (that
    lives in various places under different OSes; under Debian, for
    instance, it is /etc/postgres/hba.conf), which controls, well, host
    based access.

    So, if you can get a shell on the apache server box, you can get database
    access with the privileges of the web server UID.

    Further poking around at things might require "man DBI::Pg" (assuming
    you have that perl module installed), "man postmaster", and "man psql"
    (both of those come from a postgres full install). Also very useful for
    postgres' flavor of SQL is http://www.commandprompt.com/ppbook/, and the
    O'Reilly books _Programming the Perl DBI_ and _Apache Modules in Perl and
    C_ (or something similar) are useful for understanding mod_perl and perl
    database handling.

    In general Postgres is a fairly solid database. Security-wise, it is
    hard to find problems with the database itself. People frequently write
    code that leaves you lots of opportunities on the front-end, however.

    Hope this helps, good luck.

    -j

     
    > <Location /accounting>
    > AuthName DBI
    > AuthType Basic
    > PerlAuthenHandler Apache::AuthDBI::authen
    > PerlAuthzHandler Apache::AuthDBI::authz
    > PerlSetVar Auth_DBI_data_source dbi:Pg:dbname=main;host=client.com
    > PerlSetVar Auth_DBI_username username
    > PerlSetVar Auth_DBI_password password
    > PerlSetVar Auth_DBI_pwd_table users
    > PerlSetVar Auth_DBI_uid_field username
    > PerlSetVar Auth_DBI_pwd_field password
    > require valid-user
    > </Location>
    >
    >
    > Regards,
    > Joe
    >
    >
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/

    -- 
    Jamie Lawrence                                        jal@jal.org
    "The more corrupt the state, the more numerous the laws"
       - Tacitus
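
Seen from the defending side, the exposure discussed in this thread can be checked for mechanically. The following is an added example, not part of the original messages: it reads the Auth_DBI `PerlSetVar` directives and the DBI data source from a config file and flags plaintext credentials, world-readable permissions, backup file names and a remote database host. The function names, the backup-suffix list and the sample input are assumptions constructed for illustration.

```python
import re
import stat

# Constructed sample mirroring the <Location> block quoted in the thread.
SAMPLE_CONF = """\
<Location /accounting>
AuthName DBI
AuthType Basic
PerlAuthenHandler Apache::AuthDBI::authen
PerlSetVar Auth_DBI_data_source dbi:Pg:dbname=main;host=client.com
PerlSetVar Auth_DBI_username username
PerlSetVar Auth_DBI_password password
require valid-user
</Location>
"""

# Assumed list of suffixes that editors and admins commonly leave behind.
BACKUP_NAME = re.compile(r"(\.(bak|old|orig|save|swp)|~|\.\d+)$", re.I)
SETVAR = re.compile(r"^\s*PerlSetVar\s+Auth_DBI_(\w+)\s+(\S+)", re.M)
LOCALHOSTS = {"", "localhost", "127.0.0.1", "::1"}

def parse_dsn(dsn):
    """Split a DBI data source 'dbi:Driver:key=val;key=val' into its parts."""
    _, driver, rest = (dsn.split(":", 2) + ["", ""])[:3]
    attrs = dict(kv.split("=", 1) for kv in rest.split(";") if "=" in kv)
    return {"driver": driver, **attrs}

def audit_conf(text, path="httpd.conf", mode=0o644):
    """Return findings for one config file's text, name and permission bits."""
    vars_ = {k.lower(): v for k, v in SETVAR.findall(text)}
    findings = []
    if "password" not in vars_:
        return findings
    findings.append("plaintext Auth_DBI_password stored in config")
    if mode & stat.S_IROTH:
        findings.append("file is world-readable")
    if BACKUP_NAME.search(path):
        findings.append("backup copy of config left on disk")
    dsn = parse_dsn(vars_.get("data_source", "dbi::"))
    if dsn.get("host", "") not in LOCALHOSTS:
        findings.append(
            f"{dsn['driver']} server on remote host {dsn['host']}: "
            "restrict this account by client address in host-based access")
    return findings

if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF, "httpd.conf.bak", 0o644):
        print("FINDING:", finding)
```

In practice `text`, `path` and `mode` would come from walking the server's config and document-root directories and calling `os.stat` on each candidate file.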