Temporary Files and Web Sites (swp, ~, etc)

[bugtraq () beyondsecurity com]

Hi,

Short Background
I did some googling, and I stumbled upon what appears to be a common problem 
in many web sites. The problem is that people are editing of web pages with 
textual editors while neglecting to make sure no residual files are left 
behind. This doesn't sound like big news until now, but read on.

So what is the issue?
People are open their web pages with editors such as vi, kedit, etc, these 
editors keep a temporary copy of the file in case of failure of the editor. 
The naming convention used by these editors differs greatly, the best example 
I can think of that might cause problems is vi, if vi fails for whatever 
reason, while you were editing index.html, a file called .index.html.swp will 
be left behind.

Why is this a problem you ask?
In the case of vi, the file .index.html.swp is both hidden, and with an 
extension other than HTML, this means that if access to that file is 
requested, the RAW content of the HTML will be returned. In case where the 
HTML file is an PHP, or an .index.php.swp is found, values like DB 
usernames/passwords, security mechanism or worse might be revealed to the 
user requesting the file.

What can you do?
There isn't much you can do beside:
1) Avoid leaving these files behind
2) Make rules in Apache/whatever to block access to .swp, ~, etc files.

-- 
Thanks
Noam Rathaus
CTO
Beyond Security Ltd.

Join the SecuriTeam community on Orkut:
http://www.orkut.com/Community.aspx?cmm=44441

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html