Fixes a bug that prevented the script to find its resource file. Fixes #1608

2025-12-06 04:31:29 +00:00 · 2019-05-24 00:24:51 +00:00
parent 57ff460847
commit 168cbfde8e
2 changed files with 22 additions and 9 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-

+o [NSE][GH#1608] Script http-fileupload-exploiter failed to locate its resource
+  file unless executed from a specific working directory. [nnposter]
+
 o [NSE][GH#1571] The HTTP library now provides transparent support for gzip-
  encoded response body. (See https://github.com/nmap/nmap/pull/1571 for an
  overview.) [nnposter]
--- a/scripts/http-fileupload-exploiter.nse
+++ b/scripts/http-fileupload-exploiter.nse
@@ -56,6 +56,7 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

 local http = require "http"
 local io = require "io"
+local nmap = require "nmap"
 local string = require "string"
 local httpspider = require "httpspider"
 local shortport = require "shortport"
@@ -211,6 +212,16 @@ action = function(host, port)
  local foundfield = 0
  local fail = 0

+  local pixel = nil
+  local pixelfn = nmap.fetchfile("nselib/data/pixel.gif")
+  if pixelfn then
+    local fh = io.open(pixelfn, "rb")
+    pixel = fh:read("a")
+    fh:close()
+  end
+  if not pixel then
+    stdnse.debug1("Warning: Test file nselib/data/pixel.gif not found")
+  end

  local crawler = httpspider.Crawler:new( host, port, '/', { scriptname = SCRIPT_NAME } )

@@ -300,10 +311,8 @@ action = function(host, port)
            end

            -- Method (3).
-            local inp = assert(io.open("nselib/data/pixel.gif", "rb"))
-            local image = inp:read("a")
-
-            buildRequests(host, port, submission, filefield["name"], "image/gif", partofrequest, uploadspaths, image)
+            if pixel then
+              buildRequests(host, port, submission, filefield["name"], "image/gif", partofrequest, uploadspaths, pixel)

              result = makeAndCheckRequests(uploadspaths)
              if result then
@@ -312,6 +321,7 @@ action = function(host, port)
                fail = 1
              end
            end
+          end
        else
          table.insert(returntable, {"Couldn't find a file-type field."})
        end