PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-30 11:29:01 +00:00
Code Issues Projects Releases Wiki Activity

Move stdnse.generate_random_string to new rand.lua

Browse Source
This commit is contained in:
dmiller
2018-09-08 17:07:06 +00:00
parent deea96de7c
commit 26ef852a28
43 changed files with 123 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
scripts/http-vuln-cve2013-6786.nse
View File

@@ -39,6 +39,7 @@ local nmap = require "nmap"
local shortport = require "shortport"
local vulns = require "vulns"
local stdnse = require "stdnse"
local rand = require "rand"
portrule = shortport.http
@@ -65,7 +66,7 @@ untrusted website and XSS injection.]],
local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
local header = { ["Referer"] = '"><script>alert("XSS")</script><"' }
local open_session = http.get(host, port, "/"..stdnse.generate_random_string(16), { header = header })
local open_session = http.get(host, port, "/"..rand.random_alpha(16), { header = header })
if open_session and open_session.status == 404 then
stdnse.debug2("got 404-that's good!")
if open_session.body:match('"><script>alert%("XSS"%)</script><"') then