================================================================================ [ Hackerslab bug_paper ] ntop web mode vulnerabliity ================================================================================ Command : /sbin/ntop -w SYSTEM : N/A INFO : ntop - display top network users -w Starts ntop in web mode. Users can attach their web browsers to the specified port and browse traffic infor­ mation remotely. Supposing to start ntop at the port 3000 (ntop -w 3000), the URL to access is http://host­ name:3000/. The file ~/.ntop specifies the HTTP user/password of those people who are allowed to access ntop. If the ~/.ntop file is missing no security will be used hence everyone can access traffic information. A simple .ntop file is the following: # # .ntop File format # # user/pw # # luca linux Please note that an HTTP server is NOT needed in order to use the program in interactive mode.* 'bdf' program has SUID permission. If use 'ntop' in web mode, it's web root is "/etc/ntop/html". It's web mode is not check URL path. So if URL is "http://URL:port/../../shadow", remote user will read all file. "everyone can access traffic information" !!! If ntop use for public, anyone read all files. ==-------------------------------------------------------------------------------== ********* * ** ** * * ** ** * * ******* * * ** ** * dubhe@hackerslab.org * ** ** * [ http://www.hackerslab.org ] ********* HACKERSLAB (C) since 2000 ==-------------------------------------------------------------------------------==