While doing a web server audit I came across a backup copy of my clients httpd.conf file. There is a password protected directory in the conf file (see below) my question is how do I use this information to gain further access to the server? I can see the host and DB name as well as the username/password which I'm assuming is some sort of administrative account. What I'm not sure of is the type of database or even how to connect using the credentials gained from the conf file. Any pointers? <Location /accounting> AuthName DBI AuthType Basic PerlAuthenHandler Apache::AuthDBI::authen PerlAuthzHandler Apache::AuthDBI::authz PerlSetVar Auth_DBI_data_source dbi:Pg:dbname=main;host=client.com PerlSetVar Auth_DBI_username username PerlSetVar Auth_DBI_password password PerlSetVar Auth_DBI_pwd_table users PerlSetVar Auth_DBI_uid_field username PerlSetVar Auth_DBI_pwd_field password require valid-user </Location> Regards, Joe ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 14:36:35 PST