|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Nicolas Gregoire (ngregoire
exaprobe.com)Date: Thu Feb 07 2002 - 11:32:15 CST
04/02/2002 14:58:55, Peter Gründl <pgrundlkpmg.dk> wrote :
>A request for a DOS-device from CGI-BIN with any given extension
>is accepted by the server as a valid request and is passed on
>the to cgihandler (nhttpcgi.exe).
I've played a little bit with a Lotus Domino server (version 5.0.8) on Windows 2000 and
with NoBanner set to 1.
I've found two strange behaviours :
1°)
When the requested script has a ".pl" extension, the physical path of the file is revealed.
This allow us to identify (in this case) a Windows version.
Quick cut-and-paste of the result page :
======8<==========================================================
Error 500
Execution of Perl script e:\notes\data\domino\cgi-bin\NUL.pl failed. Error = 2
--------------------------------------------------------------------------------
Lotus-Domino/5.0.8
Content-type: text/html
Error 500
Unable to run CGI program. No such file or directory
--------------------------------------------------------------------------------
Lotus-Domino/5.0.8
======8<==========================================================
I've not investigated why there are two "Error 500 " in this page ....
2°)
Any 500 error code is sent with the banner (here "Lotus-Domino/5.0.8") despite the
NoBanner setting
Nicolas Gregoire
Exaprobe
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]