Author Topic: WEB-INF./cmdasp.asp  (Read 3505 times)

Offline pakman

  • Sr. Member
  • ****
  • Posts: 483
  • Karma: +1/-0
    • View Profile
WEB-INF./cmdasp.asp
« on: July 02, 2013, 11:05:08 AM »
does anyone know what this file is or does? When I try to accesss this I get the following.
access to the specified resource has been forbidden

apache tomcat 5.5.25

thanks,


Offline petr.necas

  • Sr. Member
  • ****
  • Posts: 393
  • Country: cz
  • Karma: +8/-0
    • View Profile
Re: WEB-INF./cmdasp.asp
« Reply #1 on: July 02, 2013, 12:19:12 PM »
Can you please provide some steps to reproduce this issue?

Offline pakman

  • Sr. Member
  • ****
  • Posts: 483
  • Karma: +1/-0
    • View Profile
Re: WEB-INF./cmdasp.asp
« Reply #2 on: July 03, 2013, 01:06:23 PM »
Yes,

If you type in the IP address of one of your PBX's and the subject you will get the error.

http://x.x.x.x/web-inf./cmdasp.asp

Thanks,

Offline petr.necas

  • Sr. Member
  • ****
  • Posts: 393
  • Country: cz
  • Karma: +8/-0
    • View Profile
Re: WEB-INF./cmdasp.asp
« Reply #3 on: July 03, 2013, 04:17:23 PM »
I've got the same error. Why do you want to access this file?

HTTP Status 403 -

--------------------------------------------------------------------------------

type Status report

message

description Access to the specified resource () has been forbidden.


--------------------------------------------------------------------------------

Apache Tomcat/5.5.25

Offline pakman

  • Sr. Member
  • ****
  • Posts: 483
  • Karma: +1/-0
    • View Profile
Re: WEB-INF./cmdasp.asp
« Reply #4 on: July 03, 2013, 05:00:17 PM »
I am looking into different ways folks could leverage the system to hack in...and I am trying to find out if this is a valid file and has it been modified recently or if there's been passwords put on this file since it Say's forbidden that tips me off about a password and the fact it has cmdasp on it makes me worry a little bit.

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4100
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: WEB-INF./cmdasp.asp
« Reply #5 on: July 03, 2013, 05:15:29 PM »
Did you FTP into the controller and grab the file and take a look at it?

I have not heard of one instance of a 3300 being hacked directly, the VM is another story, but never the web interface unless someone knew the password, or it was default.


 

Sitemap 1 2 3 4 5 6 7 8 9 10