Re: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 -- Assistance requested.

From: C-Foo (c-fooat_private)
Date: Thu Dec 19 2002 - 20:57:16 PST


    Yo,
    
    According to any NetWare 5.1 server (and this might be under previous 
    versions as well) under the sys:perl\perl5.txt file, you can find where 
    the perl scripts reside. You guys are attempting to hit 
    http://address/perl/-v; the address http://address/perl/ actually 
    resides on the NetWare box under Sys:Novonyx\suitespot\docs\perlroot\
    
    Under that directory there is a samples directory that I would recommend 
    be moved or deleted. It contains some sample perl scripts that 
    may cause undesired results.
    
    Here is a listing of them that you may want to try if you want to see.
    
    http://address/perl/samples/cardsamp.pl
    http://address/perl/samples/echo.pl
    http://address/perl/samples/env.pl
    http://address/perl/samples/guestboo.pl
    http://address/perl/samples/lancgi.pl
    http://address/perl/samples/ndslogin.pl
    http://address/perl/samples/pizzacgi.pl
    http://address/perl/samples/statcgi.pl
    http://address/perl/samples/volscgi.pl
    http://address/perl/samples/counter/counter.pl
    http://address/perl/samples/Database/perlDbGetTables.pl
    http://address/perl/samples/Database/perldbquery1.pl
    http://address/perl/samples/Database/perldbquery2.pl
    http://address/perl/samples/genie/genie.pl
    http://address/perl/samples/today/formdate.pl
    http://address/perl/samples/today/today.pl
    http://address/perl/samples/veryinteresting/veryinteresting.pl
    
    The http://address/perl/-v will not cause any harm that I have seen 
    other than revealing to your users and to the public what OS you are 
    running so they won't have to NMAP -sS -O your DNS name or IP. If you 
    aren't using that directory, place some NDS Lockdown on it. You may want 
    to test moving it or deleting it, but I don't recommend it.
    
    Regards,
    
    C-Foo
    
    
    
    Ralph Los wrote:
    
    >Hey - let me re-open a thread again, if you folks don't mind.  I've found a
    >server at one of our pen-test clients with this NetWare HTTP/HTTPS server.
    >I've been trying to figure out a way to make it tango, but have been having
    >some problems.  Here's what I've tried and where I left off, maybe someone
    >can toss some suggestions out.
    >
    >Attempt:  http://address/perl/-v
    >Result: 	NetWare port Copyright 1998 Novell Corporation.
    >		All rights reserved.
    >
    >Attempt: http://address/perl/-h
    >Result:	Page not found
    >
    >Attempt: http://address/perl/-e%20print%20%22hello%20world%22;
    >Result: IE just hangs there "DONE"
    >
    >Attempt: http://address/perl/-e%20print%201;
    >Result: IE just hangs there "DONE"
    >
    >So what's up?  Is this box "patched" against this form of attack somehow?
    >Could someone throw me another idea maybe?
    >
    >Thanks a bunch.
    >
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    >Service. For more information on SecurityFocus' SIA service which
    >automatically alerts you to the latest security vulnerabilities please see:
    >https://alerts.securityfocus.com/
    >
    >
    >  
    >
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Fri Dec 20 2002 - 20:07:30 PST
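
A defender-side check for the two request patterns discussed in this thread (an interpreter switch such as -v or -e placed directly after /perl/, and hits on the /perl/samples/ scripts), added here as an example and not part of the original posts. The log lines are constructed, and the Common Log Format layout and case-insensitive path matching are assumptions about the server being monitored.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (Common Log Format assumed); IPs are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Dec/2002:20:41:02 -0800] "GET /perl/-v HTTP/1.0" 200 312
192.0.2.10 - - [19/Dec/2002:20:41:09 -0800] "GET /perl/-e%20print%201; HTTP/1.0" 200 0
198.51.100.7 - - [19/Dec/2002:20:43:55 -0800] "GET /perl/samples/env.pl HTTP/1.0" 200 1840
198.51.100.7 - - [19/Dec/2002:20:44:01 -0800] "GET /PERL/Samples/volscgi.pl?x=1 HTTP/1.0" 200 977
203.0.113.4 - - [19/Dec/2002:20:50:12 -0800] "GET /perl/app/report.pl HTTP/1.0" 200 5120
203.0.113.4 - - [19/Dec/2002:20:50:30 -0800] "GET /index.html HTTP/1.0" 200 2048
"""

# The greedy URL group tolerates stray spaces inside the logged request target.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (.+) HTTP/[\d.]+" (\d{3}) \S+$')


def classify(raw_target):
    """Return a finding label for a request target, or None if it is not of interest."""
    # Drop the query string, then percent-decode so %2d / %20 cannot hide the pattern.
    path = unquote(raw_target.split("?", 1)[0]).lower()
    if not path.startswith("/perl/"):
        return None
    rest = path[len("/perl/"):]
    if rest.startswith("-"):
        return "interpreter-switch"   # e.g. /perl/-v, /perl/-e ...
    if rest.startswith("samples/"):
        return "sample-script"        # bundled samples the post says to move or delete
    return None


def scan(log_text):
    """Yield (client, status, label, decoded_path) for every flagged log line."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # unparsable line: skipped here, worth counting in production
        client, _method, target, status = m.groups()
        label = classify(target)
        if label:
            findings.append((client, int(status), label, unquote(target.split("?", 1)[0])))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on either label means the path is still reachable, which is the condition the post's move, delete or NDS lockdown advice is meant to remove.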