
List:       bugtraq
Subject:    Re: Multiple Vulnerabilities in paFileDB 3.1
From:       Rafael San Miguel Carrasco <smcsoc () yahoo ! es>
Date:       2004-12-09 20:19:47
Message-ID: 41B8B363.8000605 () yahoo ! es


I don't think this issue can be considered a vulnerability in paFileDB.
It's rather about Apache indexing the content of a web directory.
This is a misconfiguration issue in your httpd.conf.
Note that paFileDB is doing things right: it builds secure filenames
(since they cannot be guessed by trial-error in a reasonable amount of
time).

Hope this helps,

Rafael San Miguel Carrasco

 >Scenario :
 >
 >* admin (dudul) log in to manage the site at
 >http://URL/pafiledb/pafiledb.php?action=admin ,then the session is recorded in
 >sessions directory
 >
 >+ attacker access the directory directly and see the "sessions" (in a same time)
 >
 >Exploit: http://URL/pafiledb/sessions/[sessionfile]
 >


-------------------------------
Rafael San Miguel Carrasco
Technical Consultant
rafael.sanmiguel@dvc.es
+ 34 660 856 647
+ 34 902 464 546
Davinci Consulting - www.dvc.es
Oficina Madrid - Parque empresarial Alvento
Via de los Poblados 1 Edificio A 6ª planta
28033 Madrid
-------------------------------
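
The httpd.conf setting this reply refers to, as an added example that is not part of the original message: the commented-out block is the configuration that lets Apache list the directory, and the blocks after it turn listings off and refuse direct requests for the session files. The filesystem path /var/www/html/pafiledb is an assumed install location, the access rule uses Apache 2.4 syntax, and it assumes the application only reads its session files from disk.

```apache
# Constructed example. /var/www/html/pafiledb is an assumed install path.

# Weak setting (shown commented out): with Indexes enabled and no index
# file in a directory, mod_autoindex returns a listing of its contents,
# which is how the session file names become visible.
#
# <Directory "/var/www/html/pafiledb">
#     Options Indexes
# </Directory>

# Corrected: no automatic directory listings anywhere under the application.
<Directory "/var/www/html/pafiledb">
    Options -Indexes
</Directory>

# Assumption: session files are only read from disk by the PHP code and
# never need to be served over HTTP, so refuse every request for them.
# Apache 2.4 syntax; on 2.2 and earlier use "Order deny,allow" followed by
# "Deny from all" instead of the Require line.
<Directory "/var/www/html/pafiledb/sessions">
    Require all denied
</Directory>
```

After a configuration reload, a request for the sessions directory should return 403 instead of a file listing.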