mirror of https://github.com/nmap/nmap.git synced 2025-12-08 13:41:29 +00:00

o [NSE] Applied patch that corrects an issue where the http-method-tamper

script would fail to properly detect JBoss servers vulnerable to the
  CVE-2010-0738 vulnerability. [Hani Benhabiles]
patrik
2011-12-08 19:04:42 +00:00
parent 682a9a746b
commit 25a54f58cb
3 changed files with 10 additions and 3 deletions


@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Applied patch that corrects an issue where the http-method-tamper
script would fail to properly detect JBoss servers vulnerable to the
CVE-2010-0738 vulnerability. [Hani Benhabiles]
o [NSE] Added a new httpspider library and the script http-email-harvest that o [NSE] Added a new httpspider library and the script http-email-harvest that
collects e-mail addresses by spidering a website. [Patrik] collects e-mail addresses by spidering a website. [Patrik]


@@ -29,7 +29,7 @@ author = "Hani Benhabiles <kroosec@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html" license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe", "auth"} categories = {"safe", "auth", "vuln"}
require 'shortport' require 'shortport'
require 'http' require 'http'
@@ -55,7 +55,10 @@ action = function(host, port)
-- Checks if HTTP authentication or a redirection to a login page is applied. -- Checks if HTTP authentication or a redirection to a login page is applied.
if getstatus == 401 or getstatus == 302 then if getstatus == 401 or getstatus == 302 then
local headstatus = http.head(host, port, path).status local headstatus = http.head(host, port, path).status
if headstatus == 200 then if headstatus == 500 and path == "/jmx-console/" then
-- JBoss authentication bypass.
table.insert(result, ("%s: Vulnerable to CVE-2010-0738."):format(path))
elseif headstatus == 200 then
-- Vulnerable to authentication bypass. -- Vulnerable to authentication bypass.
table.insert(result, ("%s: Authentication bypass possible"):format(path)) table.insert(result, ("%s: Authentication bypass possible"):format(path))
end end
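Review bot: The new branch `if headstatus == 500 and path == "/jmx-console/" then` reports a definite finding from a single status code, but a 500 on HEAD can also come from a reverse proxy, a WAF or an unrelated server fault, so the result line is prone to false positives. I would word it as a probable finding and record the evidence, e.g. `table.insert(result, ("%s: Likely vulnerable to CVE-2010-0738 (HEAD returned 500, GET returned %d)"):format(path, getstatus))`, and extend the `-- JBoss authentication bypass.` comment to say why a 500 is taken as the signal. The exact string comparison also skips the check when `path` is given without the trailing slash; normalising it before comparing would help, assuming `path` comes from a script argument, which is not visible here. The `action` function starts and ends outside the hunk.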


@@ -105,7 +105,7 @@ Entry { filename = "http-joomla-brute.nse", categories = { "brute", "intrusive",
Entry { filename = "http-litespeed-sourcecode-download.nse", categories = { "exploit", "intrusive", "vuln", } } Entry { filename = "http-litespeed-sourcecode-download.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-majordomo2-dir-traversal.nse", categories = { "exploit", "intrusive", "vuln", } } Entry { filename = "http-majordomo2-dir-traversal.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-malware-host.nse", categories = { "malware", "safe", } } Entry { filename = "http-malware-host.nse", categories = { "malware", "safe", } }
Entry { filename = "http-method-tamper.nse", categories = { "auth", "safe", } } Entry { filename = "http-method-tamper.nse", categories = { "auth", "safe", "vuln", } }
Entry { filename = "http-methods.nse", categories = { "default", "safe", } } Entry { filename = "http-methods.nse", categories = { "default", "safe", } }
Entry { filename = "http-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } } Entry { filename = "http-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
Entry { filename = "http-passwd.nse", categories = { "intrusive", "vuln", } } Entry { filename = "http-passwd.nse", categories = { "intrusive", "vuln", } }