Vulnerability Development mailing list archives
Re: Bug in Apache 1.3.20 Server - Hackemate Research
From: Jay Gruner <getmyfax () gmx de>
Date: Sat, 22 Sep 2001 17:10:33 +0200
These sess_- files look to me like the session-data php likes to save. It's up to the user where it stores this data (default is a /tmp dir) and what is more important it is up to the designer of that php-script WHAT it stores there. So if you choose to put your plain-text username and password there, no wonder it shows up. I wouldn't call this a vulnerability per se...
Greets, Jay. At 00:58 22.09.2001 -0300, you wrote:
This bug (?) affects: Apache/1.3.20 Server While, updating my site and checking out some things and directories, I discovered something pretty interesting in the tmp directory, there were three files, one with a "sem" extension and the other two ones without anyone. Files in Tmp directory: · sess_0af4137ea55aa752a12971b3145d815b · sess_b2e462409e859648ae96a2da84dc03ce · session_mm.sem Content of file "sess_0af4137ea55aa752a12971b3145d815b" username|s:9:"matt";password|s:9:"secret";!status|lastlist|s:4:"acct";domain|s:16:"host"; as soon as i read it I realised it is nothing more and nothing less than the server username and password to log in in PLAIN TEXT!Obviously i changed it where "matt" is the real username and "SECRET" the passwordContent of file "sess_b2e462409e859648ae96a2da84dc03ce" username|s:9:"USERname";password|s:9:"password";!status|lastlist|s:4:"acct";domain|s:16:"host"; The last file "session_mm.sem" was empty Research by WWW.HACKEMATE.COM <-- Contrasecurity Online KerozenE 1999-2001 c0oL! ICQ: 78480975 ********************************* Webmaster of www.hackemate.com.ar hackemate () softhome net ********************************* Moderator of the Security Mailing http://www.eListas.net/lista/hackemate/alta hackemate-alta () Elistas net ********************************* Editor of the EZine HC&KTM Http://www.hackemate.com.ar hackemate-alta () Elistas net *********************************
Current thread:
- Bug in Apache 1.3.20 Server - Hackemate Research Hackemate.com.ar (Sep 22)
- RE: Bug in Apache 1.3.20 Server - Hackemate Research Bloed (Sep 22)
- Re: Bug in Apache 1.3.20 Server - Hackemate Research Petr Baudis (Sep 24)
- Re: Bug in Apache 1.3.20 Server - Hackemate Research Carl Schmidt (Sep 25)
- Re: Bug in Apache 1.3.20 Server - Hackemate Research Steve Grubb (Sep 30)
- Re: Bug in Apache 1.3.20 Server - Hackemate Research Petr Baudis (Sep 24)
- Re: Bug in Apache 1.3.20 Server - Hackemate Research Jay Gruner (Sep 22)
- <Possible follow-ups>
- RE: Bug in Apache 1.3.20 Server - Hackemate Research Keith.Morgan (Sep 24)
- RE: Bug in Apache 1.3.20 Server - Hackemate Research Ron DuFresne (Sep 25)
- RE: Bug in Apache 1.3.20 Server - Hackemate Research Bloed (Sep 22)