benchmark tool for HTTP pages.

From: Tacettin Karadeniz (tacettinkaradenizat_private)
Date: Sun Nov 10 2002 - 09:09:23 PST

Next message: K. K. Mookhey: "Buffer Overflow in iSMTP Gateway"

Previous message: S G Masood: "Multiple Vuln. in Hotfoon.com's Hotfoon4.exe dialer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ezhttpbench.php
eZ httpbench version 1.1(http://developer.ez.no)  -
benchmark tool for HTTP pages.

A security vulnerability in the product allows remote
attackers to download any file 
on the local system that the eZ httpbench has read
access to.

Vulnerable systems:
eZ httpbench version 1.1

eZ httpbench php script allows remote visitors to view
any file on a webserver.

Exploit:
http://www.web_sitesi/ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1

This will display the /etc/passwd (if the webserver
user has access to this file).

__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2

Next message: K. K. Mookhey: "Buffer Overflow in iSMTP Gateway"
Previous message: S G Masood: "Multiple Vuln. in Hotfoon.com's Hotfoon4.exe dialer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Nov 11 2002 - 08:20:28 PST