If you have local access and are allowed to write your own .htaccess, there are many interesting things that can be tried. .htaccess is an extension of httpd.conf: Apache configuration at each directory level.
Suppose the files for situsku.com are placed, as the user situsku, in /home/situsku/www.
Apache does not limit the size of .htaccess, so you can launch a DoS by creating a very large .htaccess file.
$ cd /home/situsku/www
$ perl -e'print "# allow from all\n" x 200_000' > .htaccess
The above line writes an .htaccess file of about 3MB. Try accessing the situsku.com front page from the local network. If the response is slow, then we can continue the game. If not, then the server has been configured to ignore .htaccess.
We can multiply this effect by creating multiple levels of directories or a directory loop. Apache also allows .htaccess to be a symlink, so we can do this:
$ cd /home/situsku/www
$ mkdir www2
$ cd www2
$ ln -s ../.htaccess .htaccess
Access to www2 will be slower because Apache first processes the .htaccess in www/, then the one in www2. And so on.
Apache prior to 1.2.5 does not check the file type of .htaccess, so it can be hit with a DoS as follows (the example below is for .htpasswd):
AuthType Basic
AuthName DoS Attack
AuthUserFile /dev/zero
require valid-user
When trying to read the password file and look for the colon that delimits username and password, Apache will get lost in a jungle of zeros forever, consuming CPU and RAM.
Apache after 1.2.5 checks this, but does not yet check for a FIFO or named pipe. We can make the .htaccess file a named pipe:
$ mknod .htaccess p
And when Apache tries to read the .htaccess file, it will wait forever, because no one writes to our pipe. Enter the URL of the directory containing this pipe in your browser repeatedly, and over time Apache will run out of processes, each one left hanging on the .htaccess read.
Various other configuration weaknesses can also be exploited through .htaccess. For example, if AllowOverride FileInfo is active and the web server has mod_status, the following .htaccess gives a view of the Apache status page:
<Files /server-status>
SetHandler server-status
</Files>
The status page is useful for knowing how busy your Apache is, and can also be used by attackers to do their job more effectively.
Or, if Options FollowSymLinks is on, you can view the source code of another user's CGI/PHP. For example, the user to be spied on is korban. The following commands are entered by the user penjahat.
$ cd /home/penjahat/www
$ mkdir korban; cd korban
$ ln -s /home/korban/www www
$ echo -e "directoryindex none\nsethandler default-handler\nforcetype text/plain" > .htaccess
Access the directory /home/penjahat/www/korban/www in a browser. You will then see all the files in korban's www as source. You can steal valuable programs, database passwords, etc.
There are some other interesting combinations to play around with in .htaccess. Please search and find out for yourself.
Solution 5
Number one, do you need .htaccess? If not, turn it off: AllowOverride None. All problems sorted out. Not only is the system more secure from users, Apache's performance will also increase. Continue to Method 6.
If you need to let users create .htaccess, then apply this patch: limit_htaccess.patch. The patch can restrict user misbehavior by introducing three new directives.
- LimitAccessFileSize, to limit the maximum size of .htaccess. Note that the default value is 8k. To turn off the size restriction, give a value of 0.
- LimitAccessFileType, to limit the types of files that are allowed. For example, to allow only regular files, and not pipes, sockets, devices, or even symlinks, add this line to your httpd.conf: LimitAccessFileType regular
- LimitAccessFileToRoot, to require .htaccess to be owned by root. This means that Apache can still process .htaccess, but users are not allowed to create their own. You can provide, for example, a web control panel interface through which users can create .htaccess, but only with certain directives and in limited quantity.
Also set the Options -FollowSymLinks directive if you want to prevent people from being able to make a directory loop.
Select which directives may be used in .htaccess through the AllowOverride directive. For example, if you are using mod_perl, enabling AllowOverride FileInfo is not recommended, because users can create an .htaccess that runs their own Perl handler, which runs as the Apache user and has access to the web server's internals.
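The conditions the three directives guard against (oversized files, non-regular file types, files not owned by root), plus symlinked directories, can also be audited on disk. The Python sketch below is an added example, not part of the original article or of limit_htaccess.patch; the function names and the document root passed in are assumptions.

```python
import os
import stat

def file_kind(mode):
    """Name the file type from an lstat() mode, without opening the file."""
    if stat.S_ISREG(mode):
        return "regular"
    if stat.S_ISLNK(mode):
        return "symlink"
    if stat.S_ISFIFO(mode):
        return "fifo"
    if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
        return "device"
    if stat.S_ISSOCK(mode):
        return "socket"
    return "other"

def audit_docroot(docroot, max_size=8 * 1024, owner_uid=0, name=".htaccess"):
    """Return sorted (path, problem) pairs for risky entries under docroot.

    max_size follows the 8k default given for LimitAccessFileSize (0 disables
    the check); owner_uid=0 mirrors LimitAccessFileToRoot (None disables it).
    """
    findings = []
    for dirpath, dirnames, _ in os.walk(docroot, followlinks=False):
        # Symlinked directories allow loops and views into other users' trees.
        for d in dirnames:
            full = os.path.join(dirpath, d)
            if os.path.islink(full):
                findings.append((full, "symlinked directory"))
        path = os.path.join(dirpath, name)
        try:
            st = os.lstat(path)  # lstat never opens the file, so a FIFO cannot block
        except FileNotFoundError:
            continue
        kind = file_kind(st.st_mode)
        if kind != "regular":
            findings.append((path, "type: " + kind))
            continue  # size and owner of a non-regular file are not meaningful
        if max_size and st.st_size > max_size:
            findings.append((path, "size: %d bytes" % st.st_size))
        if owner_uid is not None and st.st_uid != owner_uid:
            findings.append((path, "owner uid: %d" % st.st_uid))
    return sorted(findings)
```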