[ Hackerslab bug_paper ] ntop web mode vulnerabliity

[root <root () DOGFOOT HACKERSLAB ORG>]

================================================================================

             [ Hackerslab bug_paper ] ntop web mode vulnerabliity

================================================================================



Command  :   /sbin/ntop -w <port>


SYSTEM :   N/A


INFO :

           ntop - display top network users     
        

      -w
        Starts ntop
in web  mode.  Users  can  attach  their  web
        browsers  to the specified port and browse traffic infor­
        mation remotely. Supposing to start ntop
at the port 3000
        (ntop  -w  3000),  the  URL  to  access  is  http://host­
        name:3000/.  The  file   ~/.ntop   specifies   the   HTTP
        user/password  of  those people who are allowed to access
        ntop. If the ~/.ntop file is missing no security will  be
        used  hence  everyone  can  access traffic information. A
        simple .ntop file is the following: # # .ntop File format
        #  #  user<tab>/<space>pw # # luca      linux Please note
        that an HTTP server is NOT needed in  order  to  use  the
        program in interactive mode.* 'bdf' program has SUID permission.


If use 'ntop' in web mode, it's web root is "/etc/ntop/html".

It's web mode is not check URL path.

So if URL is "http://URL:port/../../shadow";, remote user will read all file.

"everyone  can  access traffic information" !!!

If ntop use for public, anyone read all files.

==-------------------------------------------------------------------------------==
       *********
   *    **   **    *
 *      **   **      *
*       *******      *
 *      **   **      *                                       dubhe () hackerslab org
   *    **   **    *                                    [  http://www.hackerslab.org ]
       *********           HACKERSLAB (C)  since 2000
==-------------------------------------------------------------------------------==