I don't think this issue can be considered a vulnerability in paFileDB.
It's rather about Apache indexing the content of a web directory.
This is a misconfiguration issue in your httpd.conf.
Note that paFileDB is doing things right: it builds secure filenames
(since they cannot be guessed by trial-error in a reasonable amount of
time).
Hope this helps,
Rafael San Miguel Carrasco
>Scenario :
>
>* admin (dudul) log in to manage the site at
>http://URL/pafiledb/pafiledb.php?action=admin ,then the session is
recorded in
>sessions directory
>
>+ attacker access the directory directly and see the "sessions" (in a
same time)
>
>Exploit: http://URL/pafiledb/sessions/[sessionfile]
>
-------------------------------
Rafael San Miguel Carrasco
Consultor Técnico
rafael.sanmiguel (at) dvc (dot) es [email concealed]
+ 34 660 856 647
+ 34 902 464 546
Davinci Consulting - www.dvc.es
Oficina Madrid - Parque empresarial Alvento
Via de los Poblados 1 Edificio A 6ª planta
28033 Madrid
-------------------------------
I don't think this issue can be considered a vulnerability in paFileDB.
It's rather about Apache indexing the content of a web directory.
This is a misconfiguration issue in your httpd.conf.
Note that paFileDB is doing things right: it builds secure filenames
(since they cannot be guessed by trial-error in a reasonable amount of
time).
Hope this helps,
Rafael San Miguel Carrasco
>Scenario :
>
>* admin (dudul) log in to manage the site at
>http://URL/pafiledb/pafiledb.php?action=admin ,then the session is
recorded in
>sessions directory
>
>+ attacker access the directory directly and see the "sessions" (in a
same time)
>
>Exploit: http://URL/pafiledb/sessions/[sessionfile]
>
-------------------------------
Rafael San Miguel Carrasco
Consultor Técnico
rafael.sanmiguel (at) dvc (dot) es [email concealed]
+ 34 660 856 647
+ 34 902 464 546
Davinci Consulting - www.dvc.es
Oficina Madrid - Parque empresarial Alvento
Via de los Poblados 1 Edificio A 6ª planta
28033 Madrid
-------------------------------
[ reply ]