[horde] Security hole?
Nick Peters
nick.peters at candoltd.com
Wed May 3 09:37:13 PDT 2006
If this is a hole, wouldn't the attacker need to know the filename (more
like ID number) of the attachment that they wish to download? Seems to
me like a very ~remote~ chance that they'd actually guess a file name.
That line in your Apache log file should give you an IP address of the
person that made the request. To figure out if this actually was an
attacker (and not a legit user), you could grep your log file for lines
that have that IP address and look for stuff about login etc.
If it's the only line with that IP, then there is a chance that it was
somebody trying to get at a file. It was most likely a user that
generated that line in your logs.
Well, at least that's how I see it anyway.
Nick Peters
IT Assistant
Cando Contracting Ltd
www.candoltd.com
myhorde at nbiss.com wrote:
> This is from my Apache log file. Request was placed by the outside
> user.
> /horde/services/download/?module=imp&thismailbox=INBOX&index=24&mailbox=INBOX&actionID=download_attach&id=1.2&mimecache=2b0fe832996f2aaa63be59ce45f51c15&fn=%2Funnamed
>
>
> The response code was - 200.
>
> Thanks
>
> Quoting Jan Schneider <jan at horde.org>:
>
>> Zitat von Mark M <myhorde at nbiss.com>:
>>
>>> What happens if horde/services/download is called directly?
>>> Does 3.1.1 take care of it?
>>
>>
>> Huh?
>>
>> Jan.
>>
>> --
>> Do you need professional PHP or Horde consulting?
>> http://horde.org/consulting/
>>
>> --
>> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
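The triage Nick describes (take the IP from the download line, grep the log for everything else that IP did, and treat a download with no surrounding login or mailbox activity as the suspicious case) written out as a small script. This is an added example, not code from the thread or from the Horde project; the Apache log lines are constructed for the example, the download path is the one in the quoted log line, and the login path /horde/login.php is an assumption to adjust for your install.

```python
import re
from collections import defaultdict

# Apache "combined" log format:
# ip ident user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

DOWNLOAD_PATH = "/horde/services/download/"   # path from the quoted log line
LOGIN_PATH = "/horde/login.php"               # assumed login endpoint; adjust to your install

# Constructed sample log: one normal session (login, mailbox view, download),
# one lone download that was served, one lone download that was denied.
SAMPLE_LOG = """\
192.0.2.10 - - [03/May/2006:09:01:02 -0700] "GET /horde/login.php HTTP/1.1" 200 3411 "-" "Mozilla/5.0"
192.0.2.10 - - [03/May/2006:09:01:15 -0700] "POST /horde/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [03/May/2006:09:01:20 -0700] "GET /horde/imp/mailbox.php?mailbox=INBOX HTTP/1.1" 200 9820 "-" "Mozilla/5.0"
192.0.2.10 - - [03/May/2006:09:02:40 -0700] "GET /horde/services/download/?module=imp&thismailbox=INBOX&index=24&actionID=download_attach&id=1.2&fn=%2Funnamed HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
203.0.113.5 - - [03/May/2006:11:47:09 -0700] "GET /horde/services/download/?module=imp&thismailbox=INBOX&index=24&actionID=download_attach&id=1.2&fn=%2Funnamed HTTP/1.1" 200 51234 "-" "curl/7.15"
198.51.100.7 - - [03/May/2006:12:00:00 -0700] "GET /horde/services/download/?module=imp&index=99&actionID=download_attach&id=1.1 HTTP/1.1" 403 512 "-" "Mozilla/5.0"
"""


def parse_log(text):
    """Yield one dict per parseable line; lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def triage_downloads(text):
    """For every client IP that hit the attachment download URL, report whether
    the same IP also shows the rest of a normal webmail session (a login hit or
    any other request at all). An IP whose only lines are downloads is the case
    worth a closer look, especially when the server answered 200."""
    by_ip = defaultdict(list)
    for entry in parse_log(text):
        by_ip[entry["ip"]].append(entry)

    report = {}
    for ip, entries in by_ip.items():
        downloads = [e for e in entries if e["path"].startswith(DOWNLOAD_PATH)]
        if not downloads:
            continue
        saw_login = any(e["path"].startswith(LOGIN_PATH) for e in entries)
        served = any(e["status"] == "200" for e in downloads)
        if saw_login or len(entries) > len(downloads):
            verdict = "has-session"        # download sits inside other activity
        elif served:
            verdict = "isolated-served"    # lone request and the file went out
        else:
            verdict = "isolated-denied"    # lone request, but the server refused it
        report[ip] = {
            "downloads": len(downloads),
            "total_requests": len(entries),
            "saw_login": saw_login,
            "served": served,
            "verdict": verdict,
        }
    return report


def isolated_ips(report):
    """IPs whose only activity in the log was fetching attachments."""
    return sorted(ip for ip, r in report.items() if r["verdict"].startswith("isolated"))


if __name__ == "__main__":
    result = triage_downloads(SAMPLE_LOG)
    for ip, r in sorted(result.items()):
        print(ip, r["verdict"], "downloads=%d total=%d" % (r["downloads"], r["total_requests"]))
    print("look closer at:", ", ".join(isolated_ips(result)))
```

Run it against a real access_log by replacing SAMPLE_LOG with the file contents; the "isolated-served" entries are the ones where the log alone cannot tell you whether the requester was a logged-in user, so they are the ones to check against the Horde session or IMAP logs.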