Penetration Testing mailing list archives
Re: PerlModule Apache::AuthDBI
From: Jamie Lawrence <jal () lorenza abulafia com>
Date: Wed, 8 Jan 2003 18:08:43 -0500
On Tue, 07 Jan 2003, Joe Luna wrote:
While doing a web server audit I came across a backup copy of my client's httpd.conf file. There is a password-protected directory in the conf file (see below). My question is: how do I use this information to gain further access to the server? I can see the host and DB name as well as the username/password, which I'm assuming is some sort of administrative account. What I'm not sure of is the type of database or even how to connect using the credentials gained from the conf file. Any pointers?

    <Location /accounting>
        AuthName DBI
        AuthType Basic
        PerlAuthenHandler Apache::AuthDBI::authen
        PerlAuthzHandler Apache::AuthDBI::authz
        PerlSetVar Auth_DBI_data_source dbi:Pg:dbname=main;host=client.com
        PerlSetVar Auth_DBI_username username
        PerlSetVar Auth_DBI_password password
        PerlSetVar Auth_DBI_pwd_table users
        PerlSetVar Auth_DBI_uid_field username
        PerlSetVar Auth_DBI_pwd_field password
        require valid-user
    </Location>

Regards,
Joe

This is a Postgres database. (That is determined by the DBI connect string - see the 'Pg'?) Assuming you have the postgres client on a local machine, you can try logging in to it doing something like

    psql -d main -h client.com -U username -W password

Odds are that won't work, assuming a competent admin. Postgres has the notion of "host based access" that's defined in a config file (that lives in various places under different OSes; under Debian, for instance, it is /etc/postgres/hba.conf), which controls, well, host based access. So, if you can get a shell on the apache server box, you can get database access with the privileges of the web server UID.

Further poking around at things might require "man DBI::Pg" (assuming you have that perl module installed), "man postmaster", and "man psql" (both of those come from a postgres full install). Also very useful for postgres' flavor of SQL is http://www.commandprompt.com/ppbook/, and the O'Reilly books _Programming the Perl DBI_ and _Apache Modules in Perl and C_ (or something similar) are useful for understanding mod_perl and perl database handling.

In general Postgres is a fairly solid database. Security-wise, it is hard to find problems with the database itself. People frequently write code that leaves you lots of opportunities on the front-end, however.

Hope this helps, good luck.

-j

--
Jamie Lawrence
jal () jal org
"The more corrupt the state, the more numerous the laws" - Tacitus

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
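An added example, not from either poster, of the audit check this exchange motivates: a Python helper that parses Apache config text for Apache::AuthDBI directives, decodes the DBI data source string (driver, dbname, host) and reports what a stray backup copy of the file would reveal to anyone able to read it. The sample config is constructed from the fragment Joe posted; the function names and result fields are my own.

```python
import re

# Constructed sample modelled on the httpd.conf fragment posted in the thread.
SAMPLE_CONF = """\
<Location /accounting>
    AuthName DBI
    AuthType Basic
    PerlAuthenHandler Apache::AuthDBI::authen
    PerlAuthzHandler Apache::AuthDBI::authz
    PerlSetVar Auth_DBI_data_source dbi:Pg:dbname=main;host=client.com
    PerlSetVar Auth_DBI_username username
    PerlSetVar Auth_DBI_password password
    PerlSetVar Auth_DBI_pwd_table users
    PerlSetVar Auth_DBI_uid_field username
    PerlSetVar Auth_DBI_pwd_field password
    require valid-user
</Location>
"""

def parse_dsn(dsn):
    """Split a Perl DBI data source (dbi:<driver>:k=v;k=v) into its parts."""
    parts = dsn.split(":", 2)
    if len(parts) != 3 or parts[0].lower() != "dbi":
        raise ValueError("not a DBI data source: %r" % dsn)
    attrs = dict(kv.split("=", 1) for kv in parts[2].split(";") if "=" in kv)
    return {"driver": parts[1], **attrs}

def find_authdbi_credentials(conf_text):
    """Report <Location> blocks whose Auth_DBI_* settings expose DB details."""
    findings = []
    for m in re.finditer(r"<Location\s+(\S+)>(.*?)</Location>", conf_text, re.S):
        path, body = m.group(1), m.group(2)
        settings = dict(re.findall(
            r"^\s*PerlSetVar\s+(Auth_DBI_\w+)\s+(\S+)", body, re.M))
        if "Auth_DBI_data_source" not in settings:
            continue  # this block does not use Apache::AuthDBI
        dsn = parse_dsn(settings["Auth_DBI_data_source"])
        findings.append({
            "location": path,
            "driver": dsn["driver"],  # 'Pg' is PostgreSQL
            "dbname": dsn.get("dbname"),
            "host": dsn.get("host", "(local)"),  # no host attribute: local connection
            "username": settings.get("Auth_DBI_username"),
            "password_present": "Auth_DBI_password" in settings,
            "pwd_table": settings.get("Auth_DBI_pwd_table"),
        })
    return findings
```

Running it over every `*.conf.bak`, `*~` or similar copy found under a document root turns the one-off discovery in this thread into a repeatable check.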
Current thread:
- PerlModule Apache::AuthDBI Joe Luna (Jan 08)
- Re: PerlModule Apache::AuthDBI Jamie Lawrence (Jan 08)
- Re: PerlModule Apache::AuthDBI Jeff Dafoe (Jan 08)
- Re: PerlModule Apache::AuthDBI Martin Eiszner (Jan 21)