Penetration Testing mailing list archives

Re: PerlModule Apache::AuthDBI

From: Jamie Lawrence <jal () lorenza abulafia com>
Date: Wed, 8 Jan 2003 18:08:43 -0500

On Tue, 07 Jan 2003, Joe Luna wrote:

While doing a web server audit I came across a backup copy of my clients
httpd.conf file. There is a password protected directory in the conf
file (see below) my question is how do I use this information to gain
further access to the server? I can see the host and DB name as well as
the username/password which I'm assuming is some sort of administrative
account. 

What I'm not sure of is the type of database or even how to connect
using the credentials gained from the conf file. 

Any pointers?

 

This is a Postgres database. (that is determined by the dbi connect 
string - see the 'Pg'?)

Assuming you have the postgres client on a local machine, you can try
logging in to it doing something like

psql -d main -h client.com -U username -W password

Odds are that won't work, assuming a competent admin. Postres has the
notion of "host based access" that's defined in a config file (that
lives in various places under different OSes, under Debian, for
instance, it is /etc/postgres/hba.conf), which controls, well, host
based access.

So, if you can get a shell on the apache server box, you can get database
access with the privileges of the web server UID.

Further poking around at things might require "man DBI::Pg" (assuming
you have that perl module installed), "man postmaster", and "man psql" 
(both of those come from a postgres full install). Also very useful for
postgres' flavor of SQL is http://www.commandprompt.com/ppbook/, and the
O'Reilly books _Programming the Perl DBI_ and _Apache Modules in Perl and
C_ (or something similar) are useful for understanding mod_perl and perl
database handling.

In general Postgres is a fairly solid database. Security-wise, it is
hard to find problems with the database itself. People frequently write
code that leaves you lots of oppurtunities on the front-end, however.


Hope this helps, good luck.

-j

<Location /accounting>
AuthName DBI
AuthType Basic
PerlAuthenHandler Apache::AuthDBI::authen
PerlAuthzHandler  Apache::AuthDBI::authz
PerlSetVar Auth_DBI_data_source   dbi:Pg:dbname=main;host=client.com
PerlSetVar Auth_DBI_username      username
PerlSetVar Auth_DBI_password      password
PerlSetVar Auth_DBI_pwd_table     users
PerlSetVar Auth_DBI_uid_field     username
PerlSetVar Auth_DBI_pwd_field     password
require valid-user
</Location>


Regards,
Joe




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/




-- 
Jamie Lawrence                                        jal () jal org
"The more corrupt the state, the more numerous the laws"
   - Tacitus



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

PerlModule Apache::AuthDBI Joe Luna (Jan 08)
- Re: PerlModule Apache::AuthDBI Jamie Lawrence (Jan 08)
- Re: PerlModule Apache::AuthDBI Jeff Dafoe (Jan 08)
- Re: PerlModule Apache::AuthDBI Martin Eiszner (Jan 21)