Bugtraq mailing list archives

Re: Vulnerability kali's tagboard

From: Jesus <root () resurrected us>
Date: Thu, 28 Apr 2005 15:06:53 -0400 (EDT)


On Thu, 28 Apr 2005, security curmudgeon wrote:

******************************************
* Example .htaccess File
******************************************
AuthUserFile /home/username/public_html/tagboard/admin/.htpasswd
AuthGroupFile /dev/null
AuthName "Tagboard Admin Area"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>



Mod security alleviates most of this

SecFilterSelective THE_REQUEST "\&cmd" "redirect:http://www.gaytardedhax0rs.net";

As do normal apache settings

<Location /admin/>
#
    Order deny,allow
    Allow from YOUR_ADDRESS_GOES_HERE
    Deny from all
    ErrorDocument 403 http://www.gaytardedhax0rs.net
</Location>

Problem with an htaccess file is creating the users, then making sure no
kiddiot is using some password dumping script or program. IP based would
work better since I can't think of some silly scriptkiddiot injecting info
on the network level to pwn some site using any one of these injection
based tools.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The most tyrannical of governments are those which make
crimes of  opinions, for everyone has an inalienable
right to his thoughts." -- Benedict Spinoza


//sil

http://www.kungfunix.net   http://www.politrix.org
http://www.infiltrated.net http://bush.shafted.us

Current thread:

Vulnerability kali's tagboard piker piker (Apr 21)
- Re: Vulnerability kali's tagboard Jason Dodson (Apr 21)
- Re: Vulnerability kali's tagboard security curmudgeon (Apr 28)
  - Re: Vulnerability kali's tagboard Jesus (Apr 28)