PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Move stdnse.generate_random_string to new rand.lua

Browse Source
This commit is contained in:
dmiller
2018-09-08 17:07:06 +00:00
parent deea96de7c
commit 26ef852a28
43 changed files with 123 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
scripts/http-vuln-cve2011-3368.nse
View File

@@ -4,8 +4,7 @@ local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns"
local openssl = stdnse.silent_require "openssl"
local rand = require "rand"
description = [[
Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode.
@@ -72,7 +71,7 @@ servers to remote users who send carefully crafted requests.]],
-- Take a reference chrono for a 404
local start = os.time(os.date('*t'))
local random_page = stdnse.tohex(openssl.sha1(openssl.rand_pseudo_bytes(512)))
local random_page = rand.rand_alpha(20)
local reference = http.get(host,port,("%s/%s.htm"):format(prefix,random_page))
local chrono_404 = os.time(os.date('*t'))-start