- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 20143
- Проверка EDB
-
- Пройдено
- Автор
- DUBHE
- Тип уязвимости
- REMOTE
- Платформа
- LINUX
- CVE
- cve-2000-0705
- Дата публикации
- 2000-08-02
Код:
source: https://www.securityfocus.com/bid/1550/info
ntop is a tool that shows the network usage, similar to what the popular top Unix command does. Starting ntop in web mode (with the -w parameter) starts ntop with it's own built in HTTP server, to allow remote access to the functions it provides. ntop does not properly authenticate requests and is vulnerable to a ../../ request whereby unauthorized files can be retrieved, including files which are only readable by root.
The default directory ntop serves HTML from is /etc/ntop/html so to retrieve /etc/shadow one can request the following URL: http://URL:port/../../shadow- Источник
- www.exploit-db.com
