Archive for June, 2007

As reported by the ISC, some people are using images to hide PHP code : if an image, contains PHP code, for example in the comment section, it may be included as an usual PHP file, and the PHP code will be happily executed. It may be a great way to hide malicious code in [...]

June 19, 2007, 4:19 pm lock

It is possible to an authenticated user in Cacti to modify the graph_start and graph_end parameters values in the URL, and specify higher numbers than expected in order to make cacti use all the server CPU.
For example, if an user modify a graph URL as seen is the location bar:
http://localhost/cacti/graph_image.php?local_graph_id=2&rra_id=0&view_type=tree&graph_start=1164236234&graph_end=1179871034
to this one:
http://localhost/cacti/graph_image.php?local_graph_id=2&rra_id=0&view_type=tree&graph_start=1164236234000&graph_end=1179871034000
rrdtool will take [...]

June 2, 2007, 12:17 pm lock