[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple Vulnerabilities in paFileDB 3.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Multiple Vulnerabilities in paFileDB 3.1
From: Rafael San Miguel Carrasco <smcsoc@xxxxxxxx>
Date: Thu, 09 Dec 2004 21:19:47 +0100


I don't think this issue can be considered a vulnerability in paFileDB.
It's rather about Apache indexing the content of a web directory.
This is a misconfiguration issue in your httpd.conf.
Note that paFileDB is doing things right: it builds secure filenames
(since they cannot be guessed by trial-error in a reasonable amount of
time).

Hope this helps,

Rafael San Miguel Carrasco

>Scenario : > >* admin (dudul) log in to manage the site at >http://URL/pafiledb/pafiledb.php?action=admin ,then the session is recorded in >sessions directory > >+ attacker access the directory directly and see the "sessions" (in a same time) > >Exploit: http://URL/pafiledb/sessions/[sessionfile] >


-------------------------------
Rafael San Miguel Carrasco
Consultor Técnico
rafael.sanmiguel@xxxxxx
+ 34 660 856 647
+ 34 902 464 546
Davinci Consulting - www.dvc.es
Oficina Madrid - Parque empresarial Alvento
Via de los Poblados 1 Edificio A 6ª planta
28033 Madrid
-------------------------------

References:
- Multiple Vulnerabilities in paFileDB 3.1
  - From: Ahmad Muammar

Prev by Date: F-Secure Policy Manager - physical path disclosure
Next by Date: wget: Arbitrary file overwriting/appending/creating and other vulnerabilities
Previous by thread: Multiple Vulnerabilities in paFileDB 3.1
Next by thread: Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0
Index(es):
- Date
- Thread