Hosting Provided By

PerlModule Apache::AuthDBI

From: Joe Luna <joeluna(at)socal.rr.com>
Date: Tue Jan 07 2003 - 20:29:55 EST

While doing a web server audit I came across a backup copy of my clients httpd.conf file. There is a password protected directory in the conf file (see below) my question is how do I use this information to gain further access to the server? I can see the host and DB name as well as the username/password which I'm assuming is some sort of administrative account.

What I'm not sure of is the type of database or even how to connect using the credentials gained from the conf file.

Any pointers?

<Location /accounting>

AuthName DBI
AuthType Basic
PerlAuthenHandler Apache::AuthDBI::authen PerlAuthzHandler Apache::AuthDBI::authz

PerlSetVar Auth_DBI_data_source   dbi:Pg:dbname=main;host=client.com
PerlSetVar Auth_DBI_username      username
PerlSetVar Auth_DBI_password      password
PerlSetVar Auth_DBI_pwd_table     users
PerlSetVar Auth_DBI_uid_field     username
PerlSetVar Auth_DBI_pwd_field     password

require valid-user
</Location>

Regards,
Joe

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Wed Jan 8 17:36:52 2003

This message: [ Message body ]
Next message: Fermín J. Serna: "Re: XSS LAB DEMO IDEAS"
Previous message: Jeremy Bartels: "remote privilege escalation"
Next in thread: Jamie Lawrence: "Re: PerlModule Apache::AuthDBI"
Reply: Jamie Lawrence: "Re: PerlModule Apache::AuthDBI"
Reply: Jeff Dafoe: "Re: PerlModule Apache::AuthDBI"
Reply: Martin Eiszner: "Re: PerlModule Apache::AuthDBI"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT