From: C-Foo (c-foo@cox.net)
Date: Thu Dec 19 2002 - 23:57:16 EST
Yo,
According to any NetWare 5.1 server (and this might be under previous
versions as well) under the sys:perl\perl5.txt file, you can find where
the perl scripts reside. You guys are attempting to hit
http://address/perl/-v, the address http://address/perl/ actually
resides on the NetWare box under Sys:Novonyx\suitespot\docs\perlroot\
Under that directory there is a samples directory that I would recommend
get moved or deleted. It contains some sample perl scripts in there that
may cause undesired results.
Here is a listing of them that you may want to try if you want to see.
http://address/perl/samples/cardsamp.pl
http://address/perl/samples/echo.pl
http://address/perl/samples/env.pl
http://address/perl/samples/guestboo.pl
http://address/perl/samples/lancgi.pl
http://address/perl/samples/ndslogin.pl
http://address/perl/samples/pizzacgi.pl
http://address/perl/samples/statcgi.pl
http://address/perl/samples/volscgi.pl
http://address/perl/samples/counter/counter.pl
http://address/perl/samples/Database/perlDbGetTables.pl
http://address/perl/samples/Database/perldbquery1.pl
http://address/perl/samples/Database/perldbquery2.pl
http://address/perl/samples/genie/genie.pl
http://address/perl/samples/today/formdate.pl
http://address/perl/samples/today/today.pl
http://address/perl/samples/veryinteresting/veryinteresting.pl
the http://address/perl/-v will not cause any harm that I have seen
other than reveal to your users and to the public what OS you are
running so they won't have to NMAP -sS -O your DNS name or IP. If you
aren't using that directory, place some NDS Lockdown on it, you may want
to test moving it or deleting it, but I don't recommend it.
Regards,
C-Foo
Ralph Los wrote:
>Hey - let me re-open a thread again, if you folks don't mind. I've found a
>server at one of our pen-test clients with this NetWare HTTP/HTTPS server.
>I've been trying to figure out a way to make it tango, but have been having
>some problems. Here's what I've tried and where I left off, maybe someone
>can toss some suggestions out.
>
>Attempt: http://address/perl/-v
>Result: NetWare port Copyright 1998 Novell Corporation.
> All rights reserved.
>
>Attempt: http://address/perl/-h
>Result: Page not found
>
>Attempt: http://address/perl/-e%20print%20%22hello%20world%22;
>Result: IE just hangs there "DONE"
>
>Attempt: http://address/perl/-e%20print%201;
>Result: IE just hangs there "DONE"
>
>So what's up? Is this box "patched" against this form of attack somehow?
>Could someone throw me another idea maybe?
>
>Thanks a bunch.
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
>
>
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT