Subject: [ Hackerslab bug_paper ] ntop web mode vulnerability
From: root (rootDOGFOOT.HACKERSLAB.ORG)
Date: Wed Aug 02 2000 - 03:50:35 CDT


================================================================================

             [ Hackerslab bug_paper ] ntop web mode vulnerability

================================================================================

Command : /sbin/ntop -w <port>

SYSTEM : N/A

INFO :

           ntop - display top network users

      -w
        Starts ntop in web mode. Users can attach their web browsers to the
        specified port and browse traffic information remotely. Supposing to
        start ntop at the port 3000 (ntop -w 3000), the URL to access is
        http://hostname:3000/. The file ~/.ntop specifies the HTTP
        user/password of those people who are allowed to access ntop. If the
        ~/.ntop file is missing no security will be used hence everyone can
        access traffic information. A simple .ntop file is the following:

            #
            # .ntop File format
            #
            # user<tab>/<space>pw
            #
            luca linux

        Please note that an HTTP server is NOT needed in order to use the
        program in interactive mode.

* 'bdf' program has SUID permission.

When ntop runs in web mode, its web root is "/etc/ntop/html".

Web mode does not check that the requested URL path stays inside that web root.

So if the URL is "http://URL:port/../../shadow", a remote user can read any file.

"everyone can access traffic information" !!!

If ntop is exposed publicly, anyone can read all files.
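The flaw described above is a missing confinement check on the request path. The following is an added example, not ntop's own code and not part of the advisory: it shows the check a defender would expect a web server to apply before opening a file under its web root. The request is percent-decoded, normalised lexically, and refused whenever a ".." segment would climb above the root. The names `WEB_ROOT`, `resolve_under_webroot`, `url_decode` and the sample requests are assumptions made for illustration; only the web root path /etc/ntop/html comes from the advisory.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Illustrative constant; /etc/ntop/html is the web root named in the advisory. */
#define WEB_ROOT "/etc/ntop/html"

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode `in` into `out`. Fails on a malformed escape, on a decoded
 * NUL byte (which would silently truncate the path at open(2)), and on input
 * that does not fit in `out`. */
static int url_decode(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int c = (unsigned char)in[i];
        if (c == '%') {
            int hi = hexval((unsigned char)in[i + 1]);
            if (hi < 0) return 0;             /* also covers a trailing '%' */
            int lo = hexval((unsigned char)in[i + 2]);
            if (lo < 0) return 0;
            c = hi * 16 + lo;
            i += 2;
        }
        if (c == 0 || o + 1 >= outlen) return 0;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 1;
}

/* Map a request path onto WEB_ROOT by lexical normalisation: "." and empty
 * segments are dropped, ".." pops the previous segment, and a ".." with
 * nothing left to pop means the request is trying to leave the web root, so
 * it is refused. Returns 1 and fills `out` on success, 0 on refusal. */
int resolve_under_webroot(const char *request_path, char *out, size_t outlen) {
    char decoded[1024];
    const char *segs[128];
    size_t nseg = 0;

    if (!url_decode(request_path, decoded, sizeof decoded)) return 0;
    char *q = strchr(decoded, '?');     /* the query string is not part of the file path */
    if (q) *q = '\0';

    char *p = decoded;
    while (*p != '\0') {
        while (*p == '/') p++;            /* skip separators and empty segments */
        if (*p == '\0') break;
        char *seg = p;
        while (*p != '\0' && *p != '/') p++;
        if (*p != '\0') *p++ = '\0';

        if (strcmp(seg, ".") == 0) continue;
        if (strcmp(seg, "..") == 0) {
            if (nseg == 0) return 0;      /* would climb above WEB_ROOT */
            nseg--;
            continue;
        }
        if (nseg == sizeof segs / sizeof segs[0]) return 0;
        segs[nseg++] = seg;
    }

    int n = snprintf(out, outlen, "%s", WEB_ROOT);
    if (n < 0 || (size_t)n >= outlen) return 0;
    size_t used = (size_t)n;
    for (size_t i = 0; i < nseg; i++) {
        n = snprintf(out + used, outlen - used, "/%s", segs[i]);
        if (n < 0 || (size_t)n >= outlen - used) return 0;
        used += (size_t)n;
    }
    return 1;
}

int main(void) {
    /* Constructed sample requests, not taken from any real capture. */
    const char *samples[] = { "/index.html", "/../../shadow", "/a/../b.html" };
    char path[1024];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (resolve_under_webroot(samples[i], path, sizeof path))
            printf("%-16s -> serve %s\n", samples[i], path);
        else
            printf("%-16s -> refuse (403)\n", samples[i]);
    }
    return 0;
}
```

A lexical check alone does not cover symbolic links that sit inside the web root and point elsewhere; a server that must also guard against those resolves the normalised result with realpath(3) once the file is known to exist and verifies the WEB_ROOT prefix again. Until such a check is in place, configuring the ~/.ntop credentials the man page describes, and not binding web mode to a public interface, limits who can reach the traversal at all.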

==-------------------------------------------------------------------------------==
       *********
   * ** ** *
 * ** ** *
* ******* *
 * ** ** * dubhehackerslab.org
   * ** ** * [ http://www.hackerslab.org ]
       ********* HACKERSLAB (C) since 2000
==-------------------------------------------------------------------------------==