Linux ntop Unauthorized File Retrieval Vulnerability

The default directory ntop serves HTML from is /etc/ntop/html so to retrieve /etc/shadow one can request the following URL: http://URL:port/../../shadow


 

Privacy Statement
Copyright 2010, SecurityFocus