Re: Injecting commands into a mainframe through a servlet

[Frederic Charpentier <fcharpen () xmcopartners com>]

> What output do you get from the servlet, and what's in the
> http headers? 

it's a logon screen, interfaced with a web page.

> Is the servlet running on the mainframe ? Can you telnet to
> the mainframe ?

the mainframe is behind. I can just access the web page.

I try some stuffs like : logon applid(tso), but the server stops 
responding after that.

What I could like to find is a kind of default applid we could find on 
any mainframe.

I also try default logon like qpmgr, quser, srv.. but it remains 
unsuccessful.

  Try a 3270 emulator like x3270 or mochasoft
> from http://www.mochasoft.dk
>
>
>
> ---- Original message ----
>
> > Date: Wed, 08 Jun 2005 14:37:49 +0200
> > From: Frederic Charpentier <fcharpen () xmcopartners com>  
> > Subject: Injecting commands into a mainframe through a servlet  
> > To: pen-test () securityfocus com
> >
> > hi all,
> > I'm conducting a pentest and I found a url with something
>
> like AS400 or 
>
> > OS390 command in a url parameter.
> >
> > sample :
> > www.client.com/Servlet.srv?codeLogon=logon+applid+(tesre01)
> >
> > I saw a multiple web site that I could add command like :
> > www.client.com/Servlet.srv?codeLogon=logon+applid+(tesre01)+DATA(stuff)
> >
> > Anyone have I idea about howx I could exploit this ? like
>
> default 
>
> > application, ...
> >
> > Fred.
> >
> > --
> > Frederic Charpentier - Xmco Partners
> > Security Consulting / Pentest
> > web  : http://www.xmcopartners.com

--
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com