[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pen-test
Subject:    htp.print in pen-test
From:       "Scalise, Marzio" <marzioscalise () KPMG ! it>
Date:       2001-12-17 17:26:47
[Download RAW message or body]

Hi,

i have found a command "htp.print" in a site during a pen-test.
the problem is the request of one type of page, 
When i insert the htp.print in the browser command line.

eg. www.this-is-my-company.com/oracle-directory/htp.print(sysdate)

and i receive the system date of the target machine.

In my internet search i found other htp command like htp.opentable, ecc....

The system is apache 1.3.9 on solaris
any idea for exploit this bug?

thank you 

Marzio


**************************************************************************
The information in this email is confidential and may be legally
privileged.
It is intended solely for the addressee. Access to this email by
anyone else is unauthorized. 

If you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in reliance
on it, is prohibited and may be unlawful. When addressed to 
our clients any opinions or advice contained in this email are 
subject to the terms and conditions expressed in the governing
KPMG client engagement letter.         
**************************************************************************

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

[prev in list] [next in list] [prev in thread] [next in thread]