PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

o [NSE] Applied patch from Daniel Miller that fixes a bug in http-form-brute

Browse Source 
reported by Josh Greenwood. The script would break if autodetection of
  either brute form fields would fail.

  http://seclists.org/nmap-dev/2011/q2/524
This commit is contained in:
patrik
2011-05-11 13:04:20 +00:00
parent 8ef0de3011
commit 079195122d
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
scripts/http-form-brute.nse
View File

@@ -132,10 +132,14 @@ action = function( host, port )
local uservar = nmap.registry.args['http-form-brute.uservar']
local passvar = nmap.registry.args['http-form-brute.passvar']
local path = nmap.registry.args['http-form-brute.path'] or "/"
local status, result, engine
local status, result, engine, _
if ( not(uservar) or not(passvar) ) then
if ( not(uservar) and not(passvar) ) then
uservar, passvar = detectFormFields( host, port, path )
elseif ( not(uservar) ) then
uservar, _ = detectFormFields( host, port, path )
elseif ( not(passvar) ) then
_, passvar = detectFormFields( host, port, path )
end
if ( not( uservar ) ) then
return " \n ERROR: No uservar was specified (see http-form-brute.uservar)"