Bugtraq mailing list archives

Re: Mrtg Path Disclosure Vulnerability
From: Barney Wolff <barney () databus com>
Date: Mon, 4 Feb 2002 12:05:59 -0500

Unless I'm terribly confused, mrtg only generates files and runs off
cron, not as a cgi.  So you're dealing with something other than mrtg
itself.  Also, the current version is 2.9.18pre1.

Barney Wolff

On Mon, Feb 04, 2002 at 02:18:54AM +0200, Tamer Sahin wrote:

Summary:
If an attacker submits a web request containing unexpected arguments
for script variables, an error message will be displayed containing
the path to the webroot directory of the server running the Mrtg cgi
script.

http://host/mrtg.cgi?cfg=blabla

Tested:
Mrtg v2.090011
Mrtg v2.090006

Vulnerable:
Mrtg v2.090011
Mrtg v2.090006

And maybe others.
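
The disclosure pattern described in the report above, shown beside a hardened handler. This is an added example, not part of either post and not MRTG code: the handler functions, `CFG_DIR` and the `.cfg` lookup are hypothetical stand-ins for whatever CGI wrapper was actually tested.

```python
import logging
import os
import re
import tempfile

log = logging.getLogger("cfg_handler")
# Constructed directory standing in for the server's config location (assumption).
CFG_DIR = os.path.join(tempfile.gettempdir(), "wwwroot-example", "mrtg")
# Bare names only: no slashes, dots or other path components.
CFG_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def handle_leaky(cfg):
    """'Before': the raw OS error, absolute path included, goes to the client."""
    path = os.path.join(CFG_DIR, cfg + ".cfg")
    try:
        with open(path) as fh:
            return 200, fh.read()
    except OSError as exc:
        # str(exc) embeds the full filesystem path of the missing file.
        return 500, "Error: %s" % exc


def handle_hardened(cfg):
    """'After': validate the name, keep details in the server log, answer generically."""
    if not CFG_NAME.fullmatch(cfg or ""):
        log.warning("rejected cfg value %r", cfg)
        return 400, "Invalid request."
    path = os.path.join(CFG_DIR, cfg + ".cfg")
    try:
        with open(path) as fh:
            return 200, fh.read()
    except OSError:
        # Path and traceback stay server-side for the operator.
        log.exception("cannot read config %s", path)
        return 404, "Configuration not found."


if __name__ == "__main__":
    # "blabla" is the unexpected cfg value used in the report.
    for handler in (handle_leaky, handle_hardened):
        print(handler.__name__, handler("blabla"))
```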

