Vulnerability description
Detected a Full Path Disclosure (FPD) in Cacti when the log file is not writable. The error message reveals the absolute path of the log file on the server.
```yaml
id: cacti-fpd

info:
  name: Cacti - Full Path Disclosure
  author: theamanrawat
  severity: low
  description: |
    Detected a Full Path Disclosure (FPD) in Cacti when the log file is not writable. The error message reveals the absolute path of the log file on the server.
  tags: cacti,fpd,exposure,path,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/cacti/"
      - "{{BaseURL}}/index.php"
      - "{{BaseURL}}/cacti/index.php"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "System log file is not available for writing"
          - "please enable write access"
        condition: and

      - type: regex
        part: body
        regex:
          - 'Log:\s+([a-zA-Z0-9/\\_.-]+cacti\.log)'

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - 'Log:\s+([a-zA-Z0-9/\\_.-]+cacti\.log)'
# digest: 490a004630440220347230dd001ee857244c626714bf01efdafd3cd93a21a0edd03107b5d3e5402d0220112218b888a073587ce0be22e64246fae7e54bde8f8162ef7a5fb386f699365e:922c64590222798bb761d5b6d8e72950
```
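The template's matcher and extractor logic, reimplemented offline in Python so it can be checked against sample responses. This is an added example, not Nuclei's code and not the template author's; the host cacti.example, the fetch callable and the HTML bodies are constructed assumptions of the example, not captured from a real Cacti instance.

```python
import re

# The three matchers from the template, combined with matchers-condition: and.
WORDS = (
    "System log file is not available for writing",
    "please enable write access",
)
# Same pattern as the template's regex matcher and extractor; group 1 is the path.
# Note the character class contains neither ':' nor whitespace, so a Windows
# drive-letter path (C:\...) or a path containing a space is never extracted.
PATH_RE = re.compile(r"Log:\s+([a-zA-Z0-9/\\_.-]+cacti\.log)")

# Probe order from the template (stop-at-first-match: true).
PATHS = ("", "/cacti/", "/index.php", "/cacti/index.php")


def check_fpd(status, body):
    """Apply the template's matchers to one response.

    Returns the extracted log path when every matcher passes, otherwise None.
    """
    if status != 200:                                  # status matcher
        return None
    if not all(word in body for word in WORDS):        # word matcher, condition: and
        return None
    match = PATH_RE.search(body)                       # regex matcher
    if match is None:
        return None
    return match.group(1)                              # extractor, group: 1


def scan(base_url, fetch):
    """Walk the template's paths; return (url, path) for the first hit, else None.

    `fetch(url)` is a caller-supplied callable returning (status, body). It is an
    assumption of this example so the logic runs without network access.
    """
    for suffix in PATHS:
        url = base_url + suffix
        status, body = fetch(url)
        found = check_fpd(status, body)
        if found is not None:
            return url, found                           # stop-at-first-match
    return None


# Constructed sample responses (not captured from a real Cacti deployment).
VULN_BODY = (
    "<html><body><div class='cactiLogError'>"
    "System log file is not available for writing, please enable write access "
    "Log: /var/www/html/cacti/log/cacti.log"
    "</div></body></html>"
)
# Same error text with a drive-letter path: the ':' defeats the template's regex.
WIN_BODY = (
    "<p>System log file is not available for writing, please enable write access "
    "Log: C:\\xampp\\htdocs\\cacti\\log\\cacti.log</p>"
)
LOGIN_BODY = "<html><title>Login to Cacti</title><form>...</form></html>"

# Hypothetical target; every URL maps to a constructed (status, body) pair.
_RESPONSES = {
    "http://cacti.example": (200, LOGIN_BODY),
    "http://cacti.example/cacti/": (404, "Not Found"),
    "http://cacti.example/index.php": (200, VULN_BODY),
    "http://cacti.example/cacti/index.php": (200, VULN_BODY),
}


def fake_fetch(url):
    """Offline stand-in for an HTTP GET; unknown URLs behave like a 404."""
    return _RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    print(scan("http://cacti.example", fake_fetch))
```

Running it reports the first hit, `/index.php`, and never requests `/cacti/index.php`, which is what `stop-at-first-match: true` does in the template. The `WIN_BODY` case shows the limit of the regex as written: a Cacti instance on Windows that prints `C:\...\cacti.log` contains the full error text but yields no finding, because `:` is outside the character class; the same applies to any install path containing a space.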