bypass authorization?
Andreas Ericsson
ae at op5.se
Mon May 10 21:16:37 CEST 2004
John Stotler wrote:
> Does anyone know of a way to bypass the authorization required to access
> the cgi stuff?
>
> The machine I'm using is locked down, and I can assume that user
> dummy/dummy is on the system.
>
That depends on what version of apache you're running, since that's
whats handling the authorization.
I know there was an issue with mod_ssl on apache 1.3.28, but afaik it
can only be used to gain shell access as the user owning the apache
process. That should ofcourse suffice, since you'd be able to add your
own password later (on a loosely set system, that is).
>
> thanks,
Not sure I helped, but you're welcome none-the-less.
> John
>
--
Andreas Ericsson
OP5 AB
+46 (0)733 709032
andreas.ericsson at op5.se
-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver
higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list