LeakedIn Logo
Stories About Data Leaks and Related Stuff

Posts Tagged ‘Apache Configuration Directive’

« Older Entries

Potential leak of data: Apache Configuration Directive

Posted by PasteMon on June 29th, 2012

1 votedvote

Detected 1 occurrence(s) of ‘allow\s*from\s*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+’: 

ustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

Source: http://pastebin.com/raw.php?i=kufRtrBH

Potential leak of data: Apache Configuration Directive

Posted by PasteMon on June 29th, 2012

0 votedvote

Detected 1 occurrence(s) of ‘authuserfile\s*\/’: 

ient/locale/main/main.csv - 1 inputs
/tdp4/facebook/client/locale/main/main.csv - 1 inputs

*************************************************************************************************************************
say("How about some .htaccess?"); 

AuthUserFile /etc/apache2/.htpasswd
AuthName "Please Log In"
AuthType Basic
require valid-user


*************************************************************************************************************************
say("Oh, Cross-Domain Vulnerabilities?");

Source: http://pastebin.com/raw.php?i=3ULBMMFR

Potential leak of data: Apache Configuration Directive

Posted by PasteMon on June 29th, 2012

0 votedvote

Detected 1 occurrence(s) of ‘allow\s*from\s*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+’: 

       CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>

Source: http://pastie.org/pastes/4168115/download

Potential leak of data: Apache Configuration Directive

Posted by PasteMon on June 28th, 2012

1 votedvote

Detected 1 occurrence(s) of ‘authuserfile\s*\/’: 

Password protecting a directory and all of it's subfolders using .htaccess
AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd
require valid-user
	
<Directory /path/to/the/directory/of/htaccess>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride All
</Directory>

Source: http://pastebin.com/raw.php?i=EFmLasxn

Potential leak of data: Apache Configuration Directive

Posted by PasteMon on June 28th, 2012

1 votedvote

Detected 2 occurrence(s) of ‘authuserfile\s*\/’: 

Password protect download directly in wordpress
AuthUserFile /www/path/to/file/.htpasswd
 AuthGroupFile /dev/null
 AuthName "Confidential Information"
 AuthType Basic
 require user admin
	
admin:password
	
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
AuthName "Confidential Information"
AuthType Basic
require valid-user
	
htpasswd -bc /path/to/file/.htpasswd admin password

Source: http://pastebin.com/raw.php?i=0w1KdvWB

« Older Entries