MRTG CGI Arbitrary File Display Vulnerability

Add to Favorites

Forum
Blog

Home

Rules

New Posts

Help

SPONSORED LINKS

Simply Awesome VPS
Server: 2xE5450, 32 GB memory, RAID10 drives, Internap/Mzima.
30% OFF coupon HD30SP
www.fluidhosting.com

Blesta
Productive billing software. Demo and trial available. 25% OFF coupon HD25.
www.blesta.com

Managed VPS
VPN management, backup, automated reboots. Dallas, Seattle, or D.C. NOC's.
www.zipservers.com

Linux VPS Hosting
7-th Anniversary Sale, 50% OFF all VPS plans. From $14.95. Keep the same price forever.
www.rosehosting.com

Just Host $4.95/month
The last hosting plan you’ll ever need - 750GB disk space and 10TB transfers.
www.justhost.com

ClientExec 3.0
The easiest to use billing application just got some muscle. Try out our demo today.
www.clientexec.com

Cheap Web Hosting
Reliable hosting from $4.99/mo. NO overselling, NO hidden-fees, Multi-level spam protection!
www.hostsvault.com

LinkBack

Thread Tools

Post #1 (permalink) 02-05-2002, 11:20 AM

Homer

HD Addict

Join Date: Jan 2002

Posts: 122

Status:

Multi Router Traffic Grapher (MRTG) CGI scripts (current version is 2.9.17) allow display of arbitrary files from the host machine. This can be accomplished by specifying a relative path and file name in a query string passed to the scripts via a properly constructed URL. The scripts reported to be vulnerable include mrtg.cgi, traffic.cgi, 14all-1.1.cgi, and 14all.cgi. An example URL is: http://somehost/mrtg.cgi?cfg=../../....../etc/passwd. All affected scripts are reportedly exploited with the same query string. (ie, the "cfg=" variable).

Thread Tools
Show Printable Version Email this Page

New Post

Old Post

Posting Rules:
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is Off HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On