Re: Injecting commands into a mainframe through a servlet

From: Frederic Charpentier (fcharpen@xmcopartners.com)
Date: Thu Jun 09 2005 - 04:43:56 EDT


> What output do you get from the servlet, and what's in the
> http headers?

It's a logon screen, interfaced with a web page.

> Is the servlet running on the mainframe ? Can you telnet to
> the mainframe ?

The mainframe is behind. I can just access the web page.

I tried some stuff like: logon applid(tso), but the server stops
responding after that.

What I would like to find is a kind of default applid we could find on
any mainframe.

I also tried default logons like qpmgr, quser, srv... but it remains
unsuccessful.

> Try a 3270 emulator like x3270 or mochasoft
> from http://www.mochasoft.dk
>
>
>
> ---- Original message ----
>
>>Date: Wed, 08 Jun 2005 14:37:49 +0200
>>From: Frederic Charpentier <fcharpen@xmcopartners.com>
>>Subject: Injecting commands into a mainframe through a servlet
>>To: pen-test@securityfocus.com
>>
>>hi all,
>>I'm conducting a pentest and I found a url with something like AS400 or
>>OS390 command in a url parameter.
>>
>>sample :
>>www.client.com/Servlet.srv?codeLogon=logon+applid+(tesre01)
>>
>>I saw on multiple web sites that I could add a command like:
>>www.client.com/Servlet.srv?codeLogon=logon+applid+(tesre01)+DATA(stuff)
>>
>>Anyone have an idea about how I could exploit this? like default
>>application, ...
>>
>>Fred.
>>
>>--
>>Frederic Charpentier - Xmco Partners
>>Security Consulting / Pentest
>>web : http://www.xmcopartners.com
>>
>
>

-- 
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com
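
Seen from the side of whoever maintains such a servlet, the exposure discussed in this thread is that the `codeLogon` parameter carries a whole logon command to the host. The following is an added example, not part of the original posts and not the client's code: a server-side check that accepts only `logon applid(NAME)` for allowlisted application names and rejects extra operands such as `DATA(...)`. The class name, the allowlist contents and the applid naming rule are assumptions.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical validator for the codeLogon parameter seen in the thread.
// Assumption: the servlet only ever needs to start a session with a small,
// known set of applications, so the client never has to supply a command.
public final class LogonParamValidator {
    // Constructed allowlist; a real one comes from the application inventory.
    private static final Set<String> ALLOWED_APPLIDS = Set.of("TESRE01");

    // Exactly "logon applid(NAME)"; NAME is 1-8 alphanumeric/national chars (assumed rule).
    private static final Pattern LOGON = Pattern.compile(
            "^logon\\s+applid\\s*\\(\\s*([A-Za-z@#$][A-Za-z0-9@#$]{0,7})\\s*\\)$",
            Pattern.CASE_INSENSITIVE);

    /** Returns the command to send to the host, rebuilt server-side, or empty if rejected. */
    public static Optional<String> validate(String codeLogon) {
        if (codeLogon == null || codeLogon.length() > 64) {
            return Optional.empty();
        }
        Matcher m = LOGON.matcher(codeLogon.trim());
        if (!m.matches()) {
            return Optional.empty();          // extra operands, control chars, other verbs
        }
        String applid = m.group(1).toUpperCase(Locale.ROOT);
        if (!ALLOWED_APPLIDS.contains(applid)) {
            return Optional.empty();          // well-formed but not an approved target
        }
        // Never forward the client's string: emit a canonical command instead.
        return Optional.of("LOGON APPLID(" + applid + ")");
    }

    public static void main(String[] args) {
        // Constructed inputs, already URL-decoded as the servlet container delivers them.
        String[] samples = {
            "logon applid (tesre01)",
            "logon applid (tesre01) DATA(stuff)",
            "logon applid(tso)",
            "logon applid(tesre01)\nlogoff",
        };
        for (String s : samples) {
            System.out.println(validate(s).map(c -> "ACCEPT " + c).orElse("REJECT")
                    + " <- " + s.replace("\n", "\\n"));
        }
    }
}
```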

