Mantis Bugtracker

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0000883 [Cacti] Poller (cactid, cmd.php) major always 2006-12-28 09:59 2007-11-13 12:51
Reporter rony View Status public  
Assigned To TheWitness
Priority high Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version Product Version 0.8.6i
  Target Version Product Build
Summary 0000883: Exploit in cmd.php with register globals enabled in php.
Description Attached is the exploit code.

Exploit example:
http://www.milw0rm.com/exploits/3029 [^]

Forum discussion:
http://forums.cacti.net/viewtopic.php?t=18846 [^]
Steps To Reproduce
Additional Information This is only an issue if "register_globals" is enabled in php.

Correction if "register_argc_argv" is enabled in php.
Tags No tags attached.
Attached Files txt file icon cacti_exploit_3029.txt [^] (5,645 bytes) 2006-12-28 09:59 [Show Content]

- Relationships

-  Notes
(0002098)
TheWitness (developer)
2006-12-31 01:16

Corrected in SVN.

- Issue History
Date Modified Username Field Change
2006-12-28 09:59 rony New Issue
2006-12-28 09:59 rony File Added: cacti_exploit_3029.txt
2006-12-28 14:46 rony Additional Information Updated
2006-12-28 14:46 cigamit Issue Monitored: cigamit
2006-12-29 15:48 roddie Issue Monitored: roddie
2006-12-30 20:35 TheWitness Status new => assigned
2006-12-30 20:35 TheWitness Assigned To => TheWitness
2006-12-31 01:16 TheWitness Status assigned => resolved
2006-12-31 01:16 TheWitness Resolution open => fixed
2006-12-31 01:16 TheWitness Note Added: 0002098
2007-11-13 12:51 TheWitness Status resolved => closed


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker