Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

HTTP Unblessed reference question

by abdiel (Monk)
on Apr 16, 2002 at 16:51 UTC ( #159562=perlquestion: print w/ replies, xml ) Need Help??
abdiel has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to create a simple check to make sure none of the servers I manage have FrontPage permission set open on them. I will be incorporating this check into a security auditing script I've been working on for some time. Essentially, I want to duplicate the check that whisker.pl performs for front page (making a specific POST request to author.dll on a server, and inspecting the results to determine if I have the necessary access). I thought (perhaps optimistically) that I'd be able to simply create my own check, rather than trying to link into whisker. Here is the code I have so far:
#! perl -w use LWP::UserAgent; use HTTP::Request; $user_agent = new LWP::UserAgent || die "couldn't create agent"; my $servername = shift; my $url = "http://".$servername."/_vti_bin/_vti_aut/author.dll"; print "$url\n"; $fp_request = new HTTP::Request('POST', $url, [method=>'list+documents%3a3%2e0%2e2%2e1706', service-name=>'', listHiddenDocs=>'true', listExplorerDocs=>'true', listRecurse=>'false', listFiles=>'true', listFolders=>'true', listLinkInfo=>'true', listIncludeParent=>'true', listDerivedT=>'false', listBorders=>'false']) || die "Coudn't make request"; $results = $user_agent->Request($fp_request) || die "I died here"; print "$results\n";
Which, when run, returns the following:
Can't call method "clone" on unblessed reference at C:/Perl/site/lib/HTTP/Message.pm line 53.
I realize the above code is ugly and lacking 'use strict', but it's really just prototype/proof of concept code right now. I also looked through CPAN at HTTP::Request, and LWP::UserAgent, but didn't find anything there that would indicate what I'm doing wrong. Can someone point me in the right direction? Note: I've read this node and unfortunately was not able to figure out what I've done wrong.

Comment on HTTP Unblessed reference question
Download Code
Re: HTTP Unblessed reference question
by stephen (Priest) on Apr 16, 2002 at 17:09 UTC
    From HTTP::Request docs...

    $r = HTTP::Request->new($method, $uri, $header, content)

    Constructs a new "HTTP::Request" object describing a request on the object "$uri" using method "$method". The "$uri" argument can be either a string, or a reference to a "URI" object. The optional $header argu­ment should be a reference to an "HTTP::Headers" object. The optional $content argument should be a string.

    Your third argument is an array reference, not an HTTP::Headers object. I think you wanted to use HTTP::Request::Common; that uses that syntax.

    stephen

    Update: Briefly had a "You might try" section, but removed it after realizing that the array did not appear to contain HTTP headers.

    Update 2: Added recommendation for HTTP::Request::Common

      Thank you, I didn't realize the subtle differenc between HTTP::Request and HTTP::Request::Common. It's not dying on me now. On a side note, I saw my main post got downvoted. I'm assuming that is because I'm posting a question about code that could (forget could, it is) very shady in nature. I'm not a big fan of exploit based tests myself, I'd rather go digging through the metabase to get the information as to whether or not the server is vulnerable. Unfortunately, I have not found a reliable way to determine proper permissions using metabase and other "privileged" connection methods (read: methods unusable by an outside attacker). I can only offer the monestary my assurances that this code isn't being used to attack other servers (at least not by me), particularly when there is a much better, cleaner, and better written alternative out there to launch these attacks. If I'm downvoted, so be it. Next time I'll learn to disguise my question in a more palatable manner.
Re: HTTP Unblessed reference question
by tachyon (Chancellor) on Apr 16, 2002 at 17:23 UTC

    The required syntax for HTTP request is:

    $fp_request = new HTTP::Request('POST', $url, [ $header, [$content]]);

    Every HTTP transaction must have a valid header and then two \n\n. It may or may not have a body. You have two problems. 1) no header (this needs to be a reference to an HTTP::Headers object) and 2) syntax error with your square brackets - they are not literal, they indicate optional arguments!

    use LWP::UserAgent; use strict; my $header = new HTTP::Header ( Name => 'value', Date => 'Wed, 03 Apr 2002 00:00:00 GMT', Content_Type => 'text/html' ); my $body = 'This is the body of the request!'; my $req = new HTTP::Request('POST', $url, $header, $body ); print $req->as_string

    You may have been thinking of using HTTP::Request::Common which uses that sort of syntax to produce a query string formatted body from an array ref.

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

Re: HTTP Unblessed reference question
by Dogma (Pilgrim) on Apr 17, 2002 at 06:15 UTC
    ...and lacking 'use strict', but...

    This isn't to directly address your question, BUT there is no excuse for not using strict (at least not in your code example). It didn't bite you here but believe me I've had even the smallest little scripts blow up because of something simple that "use strict" would have caught. Don't let your friends program without "use strict;"

    Cheers,
    -Dogma

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://159562]
Front-paged by tachyon
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (7)
As of 2014-08-20 21:54 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (124 votes), past polls