Strange file extension issue in web server


Post by senjespar on Wed Jun 22, 2011 11:56 am

Hi all,
One of my co-workers and I do web development on the side (independently, for the most part), and we double-check each other's work from a pseudo-pentesting standpoint. (The mandatory "I have permission and it's not that I'm up to no good" introduction!)

Anyway, he has set up a few very basic directories (simple html site), but what is perplexing me is this:

domain.com/main/index.html is the landing page for "domain.com", and it appears with the full path in the address bar.
domain.com/main/contact.html, etc. are the rest of the "public" pages

domain.com/members is protected with .htpasswd, and is basically the same as the main directory
domain.com/members/index.html
domain.com/members/content.html
etc.


However:
"domain.com/terms-of-service" doesn't have a file extension. When I tried various extensions, it got even stranger:
.html shows the correct page, while .htm, .cfm, .asp/x, etc. all result in a 404 error...

But...
"domain.com/terms-of-service.php" results in a blank white page with "No input file specified", and the URL in the TITLE area.

I tried a few basic GET parameters, but don't seem to be getting anywhere. It would appear that there are two copies of the same file: a PHP version and an HTML version. The rest of the site is in HTML, so it doesn't make sense that he'd have PHP for the TOS and privacy policy... unless he made them .php out of habit lol

I'm still trying to wrap my head around this before I see him Monday and have to admit defeat... any thoughts? Do you think this could pose a weakness?
-Sen


Re: Strange file extension issue in web server

Post by dist0rted on Wed Jun 22, 2011 12:05 pm

FYI .htpasswd is very insecure and easily brute forced in most cases with minimal effort unless your passwords are extravagantly long. (Check out the THCHydra program and you'll see what I mean... ;) )

That being said, definitely (unless he knows what you're up to and decided to throw you a curveball on purpose). I'd look for anything that mentions the TOS in the regular web site with any hint on whatever input it's looking for.
All knowledge is good; only the way it is put into action can be good or evil. - An ape from the original Planet of the Apes

Feel free to PM


Re: Strange file extension issue in web server

Post by Goatboy on Wed Jun 22, 2011 6:04 pm

I'm guessing that the TOS defaults to .html, so when you exclude the extension it works. Adding the extension makes no difference. Adding .php calls a different file which is expecting params. The default page is probably defined in a .htaccess file.
Assume that everything I say is or could be a lie.
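One way to read the probe results described in this thread when auditing a site you administer, as an added example (not code from any poster). The responses are constructed from the behaviour reported above, the function names are hypothetical, and the status code for the .php request is assumed because the thread does not give it; "No input file specified" is the message PHP's CGI/FastCGI binary prints when it cannot open a script at the requested path.

```python
# Added example: classify extension-probe responses for one URL.
# All sample responses are constructed from the thread's description.
PHP_MISSING_SCRIPT = "No input file specified"

def classify(status, body):
    """Label one response by what most likely produced it."""
    if PHP_MISSING_SCRIPT in body:
        # The request was routed to the PHP handler, which could not open
        # a script at that path (typically the file does not exist).
        return "php-handler-no-file"
    if status == 404:
        return "not-found"
    if 200 <= status < 300:
        return "served"
    return "other"

def findings(base, probes):
    """probes maps extension -> (status, body); '' is the extensionless URL."""
    labels = {ext: classify(*resp) for ext, resp in probes.items()}
    notes = []
    bare = probes.get("")
    for ext, (status, body) in probes.items():
        # Same body as the extensionless URL: one file answering both names.
        if ext and bare and labels[ext] == "served" and body == bare[1]:
            notes.append(f"{base} is an alias for {base}{ext} "
                         "(content negotiation or a rewrite rule)")
    for ext, label in labels.items():
        if label == "php-handler-no-file":
            notes.append(f"{base}{ext}: reached the PHP handler with no script "
                         "to run; have the web server confirm the file exists "
                         "before handing the request to PHP")
    return labels, notes

TOS_PAGE = "<html><title>Terms of Service</title></html>"  # constructed
PROBES = {                                                  # constructed
    "": (200, TOS_PAGE),
    ".html": (200, TOS_PAGE),
    ".htm": (404, "Not Found"),
    ".asp": (404, "Not Found"),
    ".php": (404, "No input file specified."),  # status assumed
}

if __name__ == "__main__":
    labels, notes = findings("/terms-of-service", PROBES)
    for note in notes:
        print(note)
```
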


Re: Strange file extension issue in web server

Post by senjespar on Fri Jun 24, 2011 12:41 pm

I'll check out any references to TOS in the site, and see if I can download the .htaccess file and go from there.

Thanks!
-Sen


