Re: So, you think your web server is secure?

Sorry & thanks,

Ok, see that. And it is a bug from the internal workings of FTP authentication (& user name parsing) then.

/georg
  ----- Original Message ----- 
  From: Stuart Dallas 
  To: georg chambert 
  Cc: php-general@xxxxxxxxxxxxx 
  Sent: Saturday, December 27, 2014 5:54 PM
  Subject: Re:  So, you think your web server is secure?


  Please include the list when replying.


  On Saturday, Dec 27, 2014 at 4:45 pm, georg chambert <georg.chambert@xxxxxxxxx>, wrote:

    Interesting, thanks, 

    as a bit of a security novice, do I get it right that the apache mod_MySql opens 
    up for SQL to log on to FTP with NO password 
    with a strange SQL user name? 



  No. The initial attack vector used was an FTP server that uses MySQL to store user details. The “strange SQL user name” you see is an SQL injection attack that’s possible because the MySQL code being used is not secure. Further reading: http://www.exploit-db.com/exploits/8037/


  That vulnerability allows the attacker to find the FTP user which can write to the web root, allowing them to upload PHP files that enable further intrusion into the network behind the web server.


  -Stuart


  -- 
  Stuart Dallas
  3ft9 Ltd
  http://3ft9.com/
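An added example, not part of the original thread and not the FTP server's own code: it shows why a user lookup built by string concatenation lets the supplied name rewrite the query while a bound parameter does not, and adds a defender's audit that flags FTP accounts whose home directory overlaps the web root. The table layout, the account names, the `/var/www/html` web root and the use of SQLite in place of MySQL are all assumptions made for the illustration.

```python
import sqlite3
from pathlib import PurePosixPath

WEB_ROOT = PurePosixPath("/var/www/html")   # assumed web root
CRAFTED_NAME = "nobody' OR '1'='1"          # constructed sample input

def make_db():
    """Build a constructed FTP user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ftpuser (userid TEXT PRIMARY KEY,"
               " passwd TEXT, homedir TEXT)")
    db.executemany("INSERT INTO ftpuser VALUES (?, ?, ?)", [
        ("alice", "hash-a", "/home/alice"),
        ("webpub", "hash-w", "/var/www/html/site"),
    ])
    return db

def lookup_unsafe(db, userid):
    """Vulnerable pattern: the client-supplied name becomes SQL text."""
    sql = "SELECT userid FROM ftpuser WHERE userid = '" + userid + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_safe(db, userid):
    """Hardened pattern: the name is bound as data, never parsed as SQL."""
    sql = "SELECT userid FROM ftpuser WHERE userid = ?"
    return sorted(row[0] for row in db.execute(sql, (userid,)))

def web_root_writers(db, web_root=WEB_ROOT):
    """Flag accounts whose home is the web root, inside it, or above it."""
    flagged = []
    rows = db.execute("SELECT userid, homedir FROM ftpuser ORDER BY userid")
    for userid, homedir in rows:
        home = PurePosixPath(homedir)
        if (home == web_root or web_root in home.parents
                or home in web_root.parents):
            flagged.append(userid)
    return flagged

if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup:", lookup_unsafe(db, CRAFTED_NAME))
    print("safe lookup:  ", lookup_safe(db, CRAFTED_NAME))
    print("accounts overlapping web root:", web_root_writers(db))
```

Accounts reported by `web_root_writers` are the ones to move outside the web root or restrict to read-only, since an upload through them lands where the web server will execute it.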
