HTTP Unblessed reference question

I am trying to create a simple check to make sure none of the servers I manage have FrontPage permission set open on them. I will be incorporating this check into a security auditing script I've been working on for some time. Essentially, I want to duplicate the check that whisker.pl performs for front page (making a specific POST request to author.dll on a server, and inspecting the results to determine if I have the necessary access). I thought (perhaps optimistically) that I'd be able to simply create my own check, rather than trying to link into whisker. Here is the code I have so far:

#! perl -w
use LWP::UserAgent;
use HTTP::Request;

$user_agent = new LWP::UserAgent || die "couldn't create agent";
my $servername = shift;
my $url = "http://".$servername."/_vti_bin/_vti_aut/author.dll";
print "$url\n";
$fp_request = new HTTP::Request('POST', $url, 
                [method=>'list+documents%3a3%2e0%2e2%2e1706',
                service-name=>'',
                listHiddenDocs=>'true',
                listExplorerDocs=>'true',
                listRecurse=>'false',
                listFiles=>'true',
                listFolders=>'true',
                listLinkInfo=>'true',
                listIncludeParent=>'true',
                listDerivedT=>'false',
                listBorders=>'false']) || die "Coudn't make request";
$results = $user_agent->Request($fp_request) || die "I died here";
print "$results\n";

[download]

Which, when run, returns the following:
Can't call method "clone" on unblessed reference at C:/Perl/site/lib/HTTP/Message.pm line 53.
I realize the above code is ugly and lacking 'use strict', but it's really just prototype/proof of concept code right now. I also looked through CPAN at HTTP::Request, and LWP::UserAgent, but didn't find anything there that would indicate what I'm doing wrong. Can someone point me in the right direction? Note: I've read this node and unfortunately was not able to figure out what I've done wrong.

Comment on HTTP Unblessed reference question Download Code
Re: HTTP Unblessed reference question by stephen (Priest) on Apr 16, 2002 at 17:09 UTC
From HTTP::Request docs... `$r = HTTP::Request->new($method, $uri, $header, content)` Constructs a new "HTTP::Request" object describing a request on the object "$uri" using method "$method". The "$uri" argument can be either a string, or a reference to a "URI" object. The optional $header argument should be a reference to an "HTTP::Headers" object. The optional $content argument should be a string. Your third argument is an array reference, not an HTTP::Headers object. I think you wanted to use HTTP::Request::Common; that uses that syntax. stephen Update: Briefly had a "You might try" section, but removed it after realizing that the array did not appear to contain HTTP headers. Update 2: Added recommendation for HTTP::Request::Common	[reply] [d/l]
Re: Re: HTTP Unblessed reference question by abdiel (Monk) on Apr 16, 2002 at 17:26 UTC
Thank you, I didn't realize the subtle differenc between HTTP::Request and HTTP::Request::Common. It's not dying on me now. On a side note, I saw my main post got downvoted. I'm assuming that is because I'm posting a question about code that could (forget could, it is) very shady in nature. I'm not a big fan of exploit based tests myself, I'd rather go digging through the metabase to get the information as to whether or not the server is vulnerable. Unfortunately, I have not found a reliable way to determine proper permissions using metabase and other "privileged" connection methods (read: methods unusable by an outside attacker). I can only offer the monestary my assurances that this code isn't being used to attack other servers (at least not by me), particularly when there is a much better, cleaner, and better written alternative out there to launch these attacks. If I'm downvoted, so be it. Next time I'll learn to disguise my question in a more palatable manner.	[reply]
Re: HTTP Unblessed reference question by tachyon (Chancellor) on Apr 16, 2002 at 17:23 UTC
The required syntax for HTTP request is: `$fp_request = new HTTP::Request('POST', $url, [ $header, [$content]]);` [download] Every HTTP transaction must have a valid header and then two \n\n. It may or may not have a body. You have two problems. 1) no header (this needs to be a reference to an HTTP::Headers object) and 2) syntax error with your square brackets - they are not literal, they indicate optional arguments! `use LWP::UserAgent; use strict; my $header = new HTTP::Header ( Name => 'value', Date => 'Wed, 03 Apr 2002 00:00:00 GMT', Content_Type => 'text/html' ); my $body = 'This is the body of the request!'; my $req = new HTTP::Request('POST', $url, $header, $body ); print $req->as_string` [download] You may have been thinking of using HTTP::Request::Common which uses that sort of syntax to produce a query string formatted body from an array ref. cheers tachyon s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print	[reply] [d/l] [select]
Re: HTTP Unblessed reference question by Dogma (Pilgrim) on Apr 17, 2002 at 06:15 UTC
...and lacking 'use strict', but... This isn't to directly address your question, BUT there is no excuse for not using strict (at least not in your code example). It didn't bite you here but believe me I've had even the smallest little scripts blow up because of something simple that "use strict" would have caught. Don't let your friends program without "use strict;" Cheers, -Dogma	[reply]


Keep It Simple, Stupid
	PerlMonks

HTTP Unblessed reference question

The best material for plates (tableware) is: