Hi, i have found a command "htp.print" in a site during a pen-test. the problem is the request of one type of page, When i insert the htp.print in the browser command line. eg. www.this-is-my-company.com/oracle-directory/htp.print(sysdate) and i receive the system date of the target machine. In my internet search i found other htp command like htp.opentable, ecc.... The system is apache 1.3.9 on solaris any idea for exploit this bug? thank you Marzio ************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. ************************************************************************** ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 10:59:52 PST