Virus.Org Mailing List Archive
Re: Multiple Vulnerabilities in paFileDB 3.1

  • To: [EMAIL PROTECTED]
  • Subject: Re: Multiple Vulnerabilities in paFileDB 3.1
  • From: Rafael San Miguel Carrasco <[EMAIL PROTECTED]>
  • Date: Thu, 09 Dec 2004 21:19:47 +0100
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]>

I don't think this issue can be considered a vulnerability in paFileDB.
It's rather about Apache indexing the content of a web directory.
This is a misconfiguration issue in your httpd.conf.
Note that paFileDB is doing things right: it builds secure filenames
(since they cannot be guessed by trial and error in a reasonable amount of
time).

Hope this helps,

Rafael San Miguel Carrasco

>Scenario:
>
>* admin (dudul) logs in to manage the site at
>http://URL/pafiledb/pafiledb.php?action=admin, then the session is recorded in
>the sessions directory
>
>+ attacker accesses the directory directly and sees the "sessions" (at the same time)
>
>Exploit: http://URL/pafiledb/sessions/[sessionfile]
>


-------------------------------
Rafael San Miguel Carrasco
Technical Consultant
[EMAIL PROTECTED]
+ 34 660 856 647
+ 34 902 464 546
Davinci Consulting - www.dvc.es
Madrid Office - Parque Empresarial Alvento
Via de los Poblados 1, Edificio A, 6th floor
28033 Madrid
-------------------------------
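The httpd.conf correction the reply has in mind, shown as an added illustration that is not part of the original thread: the weak setting that lists directory contents beside the corrected one. The `/var/www/html/pafiledb` path and the Apache 2.4 directive syntax (`Require all denied`) are assumptions; only the corrected blocks belong in a real configuration.

```apache
# Weak (constructed) setting: Indexes is enabled, so any directory without an
# index file, including pafiledb/sessions/, is listed to whoever requests it.
<Directory "/var/www/html/pafiledb">
    Options Indexes FollowSymLinks
</Directory>

# Corrected: turn directory listing off for the whole application tree.
# This stops the listing, but a session file would still be served if its
# exact name were known.
<Directory "/var/www/html/pafiledb">
    Options -Indexes +FollowSymLinks
    AllowOverride None
</Directory>

# Defence in depth: the session store is read only by the PHP scripts on the
# server side, so it never needs to be reachable over HTTP at all.
<Directory "/var/www/html/pafiledb/sessions">
    Require all denied
</Directory>
```

After a reload (`apachectl configtest` first), a request for the sessions directory should return 403 instead of a listing; if the application also allows it, moving the session store outside the document root removes the exposure entirely.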
Copyright (c) Virus.Org 1997-2006.