Patch to address false positive generated when the target's httpd responds with a HTTP 200 for every request. Committing after email exchange with Paulino C.

2025-12-24 08:29:04 +00:00 · 2012-07-04 02:30:18 +00:00
parent 7443db6f37
commit 1db5621470
1 changed files with 7 additions and 0 deletions
--- a/scripts/http-huawei-hg5xx-vuln.nse
+++ b/scripts/http-huawei-hg5xx-vuln.nse
@@ -78,6 +78,13 @@ including PPPoE credentials, firmware version, model, gateway, dns servers and a
           disclosure = {year = '2011', month = '01', day = '1'},
       },
     }
+     
+  -- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
+  local _, http_status, _ = http.identify_404( host.ip,port)
+  if ( http_status == 200 ) then
+    return false
+  end
+  
  local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
  local open_session = http.get(host.ip, port, "/Listadeparametros.html")
  if open_session and open_session.status == 200 then