Lucene search
K

Luca Deri ntop 1.2 a7-9 - Unauthorized File Retrieval

🗓️ 02 Aug 2000 00:00:00Reported by dubheType 
exploitpack
 exploitpack
👁 20 Views

Unauthorized file retrieval in ntop allows access to sensitive files via improper authentication.

Code
source: https://www.securityfocus.com/bid/1550/info

ntop is a tool that shows the network usage, similar to what the popular top Unix command does. Starting ntop in web mode (with the -w parameter) starts ntop with it's own built in HTTP server, to allow remote access to the functions it provides. ntop does not properly authenticate requests and is vulnerable to a ../../ request whereby unauthorized files can be retrieved, including files which are only readable by root. 

The default directory ntop serves HTML from is /etc/ntop/html so to retrieve /etc/shadow one can request the following URL: http://URL:port/../../shadow

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Aug 2000 00:00Current
0.5Low risk
Vulners AI Score0.5
20