SLUG Mailing List Archives
RE: [SLUG] IP Accounting - ntop security problem
- To: <slug@xxxxxxxxxxx>
- Subject: RE: [SLUG] IP Accounting - ntop security problem
- From: "Marty" <marty@xxxxxxxxxxxxx>
- Date: Thu Aug 3 07:39:46 2000
> If you use the latest ntop from CVS it handles restarts without resetting
> the counters. I've not had a segfault for a few months now.
> John Wiltshire
hehe, did you see bugtraq this morning? This is an excerpt from Hackerslab
If use 'ntop' in web mode, it's web root is "/etc/ntop/html".
It's web mode is not check URL path.
So if URL is "http://URL:port/../../shadow", remote user will read all file.