Not sure if this is known, however I know I've seen quite a few people still using webmin 0.84. Webmin doesn't seem to clean the env properly when starting apache (probably in other cases as well) It leaves the var HTTP_AUTHORIZATION set. All you need to do is run it though a mime 64 decode and you have the login and password to webmin. (it also leaves SERVER_PORT set so there should be no problem figuring out where the webmin is) You can best see the effects by: 1. Kill Apache 2. Start Apache will webmin 3. Goto a <?php phpinfo() ?> page and look at the vars The good news is that webmin 0.85 doesn't seem to have this problem because if doesn't use the same type of auth. This only seems to affect webmin 0.84 and earlier. Nick <snip from phpinfo (some vars removed to protect the innocent)> PHP Variables Variable Value PHP_SELF /test.php HTTP_SERVER_VARS /usr/local/apache/htdocs ["DOCUMENT_ROOT"] HTTP_SERVER_VARS text/*, image/*, audio/*, application/* ["HTTP_ACCEPT"] HTTP_SERVER_VARS gzip, compress, bzip, bzip2, deflate ["HTTP_ACCEPT_ENCODING"] HTTP_SERVER_VARS en; q=1.0 ["HTTP_ACCEPT_LANGUAGE"] HTTP_SERVER_VARS localhost ["HTTP_HOST"] HTTP_SERVER_VARS w3m/0.2.1 ["HTTP_USER_AGENT"] HTTP_SERVER_VARS["PATH"] /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin HTTP_SERVER_VARS 127.0.0.1 ["REMOTE_ADDR"] HTTP_SERVER_VARS 56523 ["REMOTE_PORT"] HTTP_SERVER_VARS /usr/local/apache/htdocs/test.php ["SCRIPT_FILENAME"] HTTP_SERVER_VARS 127.0.0.1 ["SERVER_ADDR"] HTTP_SERVER_VARS 80 ["SERVER_PORT"] HTTP_SERVER_VARS Apache/1.3.17 (Unix) PHP/4.0.4pl1 ["SERVER_SOFTWARE"] HTTP_SERVER_VARS CGI/1.1 ["GATEWAY_INTERFACE"] HTTP_SERVER_VARS HTTP/1.0 ["SERVER_PROTOCOL"] HTTP_SERVER_VARS GET ["REQUEST_METHOD"] HTTP_SERVER_VARS ["QUERY_STRING"] HTTP_SERVER_VARS /test.php ["REQUEST_URI"] HTTP_SERVER_VARS /usr/local/apache/htdocs/test.php ["PATH_TRANSLATED"] HTTP_SERVER_VARS /test.php ["PHP_SELF"] HTTP_SERVER_VARS["argv"] Array ( ) HTTP_SERVER_VARS["argc"] 0 HTTP_ENV_VARS 10000 ["SERVER_PORT"] HTTP_ENV_VARS CGI/1.1 ["GATEWAY_INTERFACE"] HTTP_ENV_VARS["PWD"] /root/webmin-0.84/apache/ HTTP_ENV_VARS Mozilla/5.0 (X11; U; Linux 2.4.2 i686; en-US; ["HTTP_USER_AGENT"] rv:0.9) Gecko/20010505 HTTP_ENV_VARS["PATH_INFO"] HTTP_ENV_VARS http://localhost:10000/apache/ ["HTTP_REFERER"] HTTP_ENV_VARS["HTTP_HOST"] localhost:10000 HTTP_ENV_VARS Basic YWRtaW46ZGF2ZQ== ["HTTP_AUTHORIZATION"] HTTP_ENV_VARS keep-alive ["HTTP_CONNECTION"] HTTP_ENV_VARS["WEBMIN_VAR"] /var/webmin HTTP_ENV_VARS gzip,deflate,compress,identity ["HTTP_ACCEPT_ENCODING"] HTTP_ENV_VARS /root/webmin-0.84 ["SERVER_ROOT"] ....
This archive was generated by hypermail 2b30 : Mon May 28 2001 - 12:13:04 PDT