Penetration Testing mailing list archives

Re: [PEN-TEST] WebLogic 5.1.0 < SP7


From: Ted Behling <TBehling () MONARCHIS NET>
Date: Thu, 15 Mar 2001 19:26:05 -0500

Your Perl scriptlet prints "GET/..AAAAAAAAAAHTTP/1.0", which it could be
interpreting as an invalid HTTP query (per RFC 1945,
ftp://ftp.isi.edu/in-notes/rfc1945.txt, page 22).  You answered your own
question at the end of your quote; once you put a space after your GET and
before your HTTP/1.0, it becomes a valid query, and hence does not return a
500.  I'm not specifically fluent in WebLogic, but it seems likely to me
that it's gagging on not being able to parse your query rather than trying
to access a parent directory.

At 06:02 PM 3/15/01 -0600, Matt W. wrote:
perl -e 'print "GET" . "/.." . "A" x 10 . "HTTP/1.0" . "\n\n"' | nc
<server> <port>

HTTP/1.1 500 internal Server Error
Server: Weblogic 5.1.0 Service Pack 6 09/20/2000
Conten-Type: text/html
Connection:Close
java.lang.NullPointerException

The other interesting thing is if you put a space between the GET and
the /.. it still does the above, but if you put a space between the A's and
the HTTP/1.0 there is no error.


------------------------------------------------
Ted Behling, E-Commerce Consultant
Monarch Information Systems, Inc.
"Because Every Business Should Be An E-Business"

43 Folly Field Road, Unit 4
Hilton Head Island, SC 29928-5434
Toll-free Phone & Fax: 1-800-842-7894
Local or Outside the USA: 1-843-842-7894
mailto:tbehling () monarchis net
http://www.monarchis.net
------------------------------------------------
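As an added illustration, not code from either message in this thread: a minimal RFC 1945 Request-Line parser that rejects the malformed lines discussed above with a 400 instead of falling through to a 500, and separately checks whether a well-formed path actually climbs above the document root. The 403 mapping for a root-escaping path is an assumption chosen for the example.

```python
import re
from typing import NamedTuple

# RFC 1945, section 5.1: Request-Line = Method SP Request-URI SP HTTP-Version CRLF
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
VERSION = re.compile(r"^HTTP/\d+\.\d+$")


class RequestLine(NamedTuple):
    method: str
    target: str
    version: str


class BadRequest(ValueError):
    """Malformed Request-Line; a server should answer 400, never crash into a 500."""


def parse_request_line(line: str) -> RequestLine:
    """Split on single spaces and validate each of the three required fields."""
    line = line.rstrip("\r\n")
    parts = line.split(" ")
    # "GET/..AAAAAAAAAAHTTP/1.0" yields one part; "GET /..AAAAAAAAAAHTTP/1.0" yields two.
    if len(parts) != 3 or any(p == "" for p in parts):
        raise BadRequest(f"expected 'METHOD SP URI SP VERSION', got {line!r}")
    method, target, version = parts
    if not TOKEN.match(method):
        raise BadRequest(f"bad method {method!r}")
    if not VERSION.match(version):
        raise BadRequest(f"bad version {version!r}")
    return RequestLine(method, target, version)


def escapes_root(target: str) -> bool:
    """True only if a real '..' segment would climb above the root; '/..AAAA' is an ordinary name."""
    path = target.split("?", 1)[0]
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False


def status_for(line: str) -> int:
    """Status a robust front end would return for the raw request line (assumed mapping)."""
    try:
        req = parse_request_line(line)
    except BadRequest:
        return 400
    return 403 if escapes_root(req.target) else 200
```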

