From 3e8440f5f66ac5c0cc9fc26523b2be92d7eff87c Mon Sep 17 00:00:00 2001
From: patrik
Date: Sun, 11 Dec 2011 09:17:21 +0000
Subject: [PATCH] o [NSE] Fixed issue in path encoding in the http-backup-finder script. [Patrik]

---
 CHANGELOG | 2 ++
 scripts/http-backup-finder.nse | 9 +++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 81616d538..b4726af81 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,7 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Fixed issue in path encoding in the http-backup-finder script. [Patrik]
+
 o [NSE] Added the script http-backup-finder that searches for backup copies of
 files discovered by crawling a website. [Patrik]
 
diff --git a/scripts/http-backup-finder.nse b/scripts/http-backup-finder.nse
index 83589d698..eed624ee1 100644
--- a/scripts/http-backup-finder.nse
+++ b/scripts/http-backup-finder.nse
@@ -105,9 +105,14 @@ action = function(host, port)
 port = (parsed.scheme == 'https') and 443
 port = port or ((parsed.scheme == 'http') and 80)
 end
-
+
+ -- the url.escape doesn't work here as it encodes / to %2F
+ -- which results in 400 bad request, so we simple do a space
+ -- replacement instead.
+ local escaped_link = link:gsub(" ", "%%20")
+
 -- attempt a HEAD-request against each of the backup files
- local response = http.head(host, port, link)
+ local response = http.head(host, port, escaped_link)
 if ( response.status == 200 ) then
 if ( not(parsed.port) ) then
 table.insert(backups,
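Review bot: The new `local escaped_link = link:gsub(" ", "%%20")` encodes only the space character, so every other byte that is not valid in a request path (control characters, quotes, angle brackets, non-ASCII) still reaches `http.head` unencoded. `link` appears to be derived from content served by the scanned host, so the script cannot assume it is well formed; whether `http.head` normalises the path itself is not visible in this hunk. Consider encoding everything outside the unreserved set while leaving `/` and existing percent-escapes alone, for example `local escaped_link = link:gsub("[^%w%-%._~/%%]", function(c) return ("%%%02X"):format(c:byte()) end)`, and widen the allowed set if `link` can carry a query string. The comment should read "so we simply do a space replacement", and the body of `action` continues outside the hunk, so how `link` is reported afterwards cannot be checked here.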