bypass authorization?

[Andreas Ericsson]

John Stotler wrote:
> Does anyone know of a way to bypass the authorization required to access
> the cgi stuff?
> 
> The machine I'm using is locked down, and I can assume that user
> dummy/dummy is on the system.
> 
That depends on what version of apache you're running, since that's 
whats handling the authorization.
I know there was an issue with mod_ssl on apache 1.3.28, but afaik it 
can only be used to gain shell access as the user owning the apache 
process. That should ofcourse suffice, since you'd be able to add your 
own password later (on a loosely set system, that is).

> 
> thanks,

Not sure I helped, but you're welcome none-the-less.

> John
> 

-- 
Andreas Ericsson
OP5 AB
+46 (0)733 709032
andreas.ericsson at op5.se


-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver
higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null