Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Help Exploiting MQ
From: "Koen Vingerhoets" <koen.vingerhoets () ubench be>
Date: Wed, 1 Sep 2004 09:18:46 +0200

IBM MQ
- Series
- Workflow
- Websphere

A whole myriad of IBM tools... I would be interested in exploits too.
One of the oddities I encountered up to now is that not-existant pages
aren't handled by the Websphere Application Server, but thrown back to the
Apache/IIS/IBM HTTP Server.  This means that that server has to be locked
down properly too... or it could give directory view and such.

Koen

-----Original Message-----
From: rick () livingstoncadservice com
[mailto:rick () livingstoncadservice com]
Sent: Tuesday, August 31, 2004 9:31 PM
To: tommy () providesecurity com
Cc: pen-test () securityfocus com; webappsec () securityfocus com;
full-disclosure-admin () lists netsys com
Subject: RE: Help Exploiting MQ



What is MQ?



***********************************************************************
This message is intended only for the use of the intended recipient and
may contain information that is PRIVILEGED and/or CONFIDENTIAL.  If you
are not the intended recipient, you are hereby notified that any use,
dissemination, disclosure or copying of this communication is strictly
prohibited.  If you have received this communication in error, please
destroy all copies of this message and its attachments and notify us
immediately.
***********************************************************************



-------- Original Message --------
Subject: Help Exploiting MQ
From: "Tom" <tommy () providesecurity com>
Date: Tue, August 31, 2004 6:07 am
To: full-disclosure-admin () lists netsys com
Cc: pen-test () securityfocus com, webappsec () securityfocus com

Does anyone have any tools, techniques on how to exploit weaknesses within
MQ?

Thanks,

Tom




--------------------------------------------------------------------------
----
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a
course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------------------
-----




------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault