PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-24 16:39:03 +00:00
Code Issues Projects Releases Wiki Activity

Fix NSEdoc: wrap lines, fix bulleted lists

Browse Source
This commit is contained in:
dmiller
2015-07-11 04:01:05 +00:00
parent a59056e29e
commit 339f0ffd7d
63 changed files with 408 additions and 298 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
scripts/http-axis2-dir-traversal.nse
View File

@@ -8,10 +8,19 @@ local string = require "string"
local table = require "table"
description = [[
Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by
sending a specially crafted request to the parameter <code>xsd</code>
(OSVDB-59001). By default it will try to retrieve the configuration file of the
Axis2 service <code>'/conf/axis2.xml'</code> using the path
<code>'/axis2/services/'</code> to return the username and password of the
admin account.
To exploit this vulnerability we need to detect a valid service running on the installation so we extract it from <code>/listServices</code> before exploiting the directory traversal vulnerability.
By default it will retrieve the configuration file, if you wish to retrieve other files you need to set the argument <code>http-axis2-dir-traversal.file</code> correctly to traverse to the file's directory. Ex. <code>../../../../../../../../../etc/issue</code>
To exploit this vulnerability we need to detect a valid service running on the
installation so we extract it from <code>/listServices</code> before exploiting
the directory traversal vulnerability. By default it will retrieve the
configuration file, if you wish to retrieve other files you need to set the
argument <code>http-axis2-dir-traversal.file</code> correctly to traverse to
the file's directory. Ex. <code>../../../../../../../../../etc/issue</code>
To check the version of an Apache Axis2 installation go to:
http://domain/axis2/services/Version/getVersion
@@ -33,10 +42,6 @@ Reference:
-- @args http-axis2-dir-traversal.file Remote file to retrieve
-- @args http-axis2-dir-traversal.outfile Output file
-- @args http-axis2-dir-traversal.basepath Basepath to the services page. Default: <code>/axis2/services/</code>
--
-- Other useful arguments for this script:
-- @args http.useragent User Agent used in the GET requests
---
author = "Paulino Calderon <calderon@websec.mx>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"