[16060] in bugtraq
Re: [ Hackerslab bug_paper ] ntop web mode vulnerabliity
daemon@ATHENA.MIT.EDU (Vanja Hrustic)
Wed Aug 2 15:37:27 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10008022255230.18966-100000@emx.siamrelay.com>
Date: Wed, 2 Aug 2000 23:10:42 +0700
Reply-To: Vanja Hrustic <vanja@RELAYGROUP.COM>
From: Vanja Hrustic <vanja@RELAYGROUP.COM>
X-To: root <root@DOGFOOT.HACKERSLAB.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200008020850.RAA06122@dogfoot.hackerslab.org>
On Wed, 2 Aug 2000, root wrote:
> It's web mode is not check URL path.
>
> So if URL is "http://URL:port/../../shadow", remote user will read all file.
>
> "everyone can access traffic information" !!!
Would you mind specifying the version of ntop you have tested?
The problem above has been reported to the author 2 (or even more) months
ago, and it has been fixed immediately. There were few other security
related issues which have been fixed as well in past few months.
I have just tried version 1.3.1, and it properly returns 401 code when
trying to access '..' paths.
Looks like you have been testing some older version.
Regards,
Vanja
