Author Topic: WEB-INF./cmdasp.asp (Read 3505 times)

pakman · « **on:** July 02, 2013, 11:05:08 AM »

does anyone know what this file is or does? When I try to accesss this I get the following.
access to the specified resource has been forbidden

apache tomcat 5.5.25

thanks,

petr.necas · « **Reply #1 on:** July 02, 2013, 12:19:12 PM »

Can you please provide some steps to reproduce this issue?

pakman · « **Reply #2 on:** July 03, 2013, 01:06:23 PM »

Yes,

If you type in the IP address of one of your PBX's and the subject you will get the error.

http://x.x.x.x/web-inf./cmdasp.asp

Thanks,

petr.necas · « **Reply #3 on:** July 03, 2013, 04:17:23 PM »

I've got the same error. Why do you want to access this file?

HTTP Status 403 -

--------------------------------------------------------------------------------

type Status report

message

description Access to the specified resource () has been forbidden.

--------------------------------------------------------------------------------

Apache Tomcat/5.5.25

pakman · « **Reply #4 on:** July 03, 2013, 05:00:17 PM »

I am looking into different ways folks could leverage the system to hack in...and I am trying to find out if this is a valid file and has it been modified recently or if there's been passwords put on this file since it Say's forbidden that tips me off about a password and the fact it has cmdasp on it makes me worry a little bit.

acejavelin · « **Reply #5 on:** July 03, 2013, 05:15:29 PM »

Did you FTP into the controller and grab the file and take a look at it?

I have not heard of one instance of a 3300 being hacked directly, the VM is another story, but never the web interface unless someone knew the password, or it was default.

Mitel Forums - The Unofficial Source

News:

Author Topic: WEB-INF./cmdasp.asp (Read 3505 times)

pakman

WEB-INF./cmdasp.asp

petr.necas

Re: WEB-INF./cmdasp.asp

pakman

Re: WEB-INF./cmdasp.asp

petr.necas

Re: WEB-INF./cmdasp.asp

pakman

Re: WEB-INF./cmdasp.asp

acejavelin

Re: WEB-INF./cmdasp.asp