From 079195122d8d692a782eabf822a54b9dc152d1ec Mon Sep 17 00:00:00 2001 From: patrik Date: Wed, 11 May 2011 13:04:20 +0000 Subject: [PATCH] o [NSE] Applied patch from Daniel Miller that fixes a bug in http-form-brute reported by Josh Greenwood. The script would break if autodetection of either brute form fields would fail. http://seclists.org/nmap-dev/2011/q2/524 --- CHANGELOG | 4 ++++ scripts/http-form-brute.nse | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index f12ec2d58..3f5870355 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,9 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Applied patch from Daniel Miller that fixes a bug in http-form-brute + reported by Josh Greenwood. The script would break if autodetection of + either brute form fields would fail. + o [NSE] Added a SIP library and two new scripts sip-brute.nse and sip-user-enum.nse providing brute and user enumeration support for the SIP protocol. [Patrik] diff --git a/scripts/http-form-brute.nse b/scripts/http-form-brute.nse index 75e2dd569..32c4929d9 100644 --- a/scripts/http-form-brute.nse +++ b/scripts/http-form-brute.nse @@ -132,10 +132,14 @@ action = function( host, port ) local uservar = nmap.registry.args['http-form-brute.uservar'] local passvar = nmap.registry.args['http-form-brute.passvar'] local path = nmap.registry.args['http-form-brute.path'] or "/" - local status, result, engine + local status, result, engine, _ - if ( not(uservar) or not(passvar) ) then + if ( not(uservar) and not(passvar) ) then uservar, passvar = detectFormFields( host, port, path ) + elseif ( not(uservar) ) then + uservar, _ = detectFormFields( host, port, path ) + elseif ( not(passvar) ) then + _, passvar = detectFormFields( host, port, path ) end if ( not( uservar ) ) then return " \n ERROR: No uservar was specified (see http-form-brute.uservar)"
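Review bot: The new `if`/`elseif`/`elseif` chain in `action` repeats the same `detectFormFields( host, port, path )` call three times and adds a throwaway `_` local only to discard one return value. A single guarded call with `or` fallbacks gives the same precedence, where a name passed as a script argument wins and a detected name only fills a gap. Separately, when only one name is supplied, the other comes from whichever form the helper picks (its body is outside the hunk, so this is inferred), and on a page with several forms the two names may not belong to the same form. A debug line reporting the effective `uservar` and `passvar`, and which of them was autodetected, would make a run that finds no credentials easier to trust. The body of `action` continues past the end of the hunk.

```lua
-- … unchanged: uservar, passvar and path read from nmap.registry.args …
local status, result, engine

-- One detection pass; names given as script arguments take precedence.
if ( not(uservar) or not(passvar) ) then
  local det_user, det_pass = detectFormFields( host, port, path )
  uservar = uservar or det_user
  passvar = passvar or det_pass
end
-- … unchanged: "No uservar was specified" check …
```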