Penetration Testing mailing list archives
Re: Injecting commands into a mainframe through a servlet
From: Frederic Charpentier <fcharpen () xmcopartners com>
Date: Thu, 09 Jun 2005 10:43:56 +0200
What output do you get from the servlet, and what's in thehttp headers?
it's a logon screen, interfaced with a web page.
Is the servlet running on the mainframe ? Can you telnet to the mainframe ?
the mainframe is behind. I can just access the web page.I try some stuffs like : logon applid(tso), but the server stops responding after that.
What I could like to find is a kind of default applid we could find on any mainframe.
I also try default logon like qpmgr, quser, srv.. but it remains unsuccessful.
Try a 3270 emulator like x3270 or mochasoft
from http://www.mochasoft.dk ---- Original message ----Date: Wed, 08 Jun 2005 14:37:49 +0200From: Frederic Charpentier <fcharpen () xmcopartners com> Subject: Injecting commands into a mainframe through a servlet To: pen-test () securityfocus comhi all, I'm conducting a pentest and I found a url with somethinglike AS400 orOS390 command in a url parameter. sample : www.client.com/Servlet.srv?codeLogon=logon+applid+(tesre01) I saw a multiple web site that I could add command like : www.client.com/Servlet.srv?codeLogon=logon+applid+(tesre01)+DATA(stuff) Anyone have I idea about howx I could exploit this ? likedefaultapplication, ... Fred. -- Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com
-- Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com
Current thread:
- re: Injecting commands into a mainframe through a servlet Andrew Cathrow (Jun 08)
- Re: Injecting commands into a mainframe through a servlet Frederic Charpentier (Jun 09)