PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 12:19:02 +00:00
Code Issues Projects Releases Wiki Activity

o [NSE] Fixed issue in path encoding in the http-backup-finder script. [Patrik]

Browse Source
This commit is contained in:
patrik
2011-12-11 09:17:21 +00:00
parent 5183478e8c
commit 3e8440f5f6
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG
View File

@@ -1,5 +1,7 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Fixed issue in path encoding in the http-backup-finder script. [Patrik]
o [NSE] Added the script http-backup-finder that searches for backup copies o [NSE] Added the script http-backup-finder that searches for backup copies
of files discovered by crawling a website. [Patrik] of files discovered by crawling a website. [Patrik]

7
scripts/http-backup-finder.nse
View File

@@ -106,8 +106,13 @@ action = function(host, port)
port = port or ((parsed.scheme == 'http') and 80) port = port or ((parsed.scheme == 'http') and 80)
end end
-- the url.escape doesn't work here as it encodes / to %2F
-- which results in 400 bad request, so we simple do a space
-- replacement instead.
local escaped_link = link:gsub(" ", "%%20")
-- attempt a HEAD-request against each of the backup files -- attempt a HEAD-request against each of the backup files
local response = http.head(host, port, link) local response = http.head(host, port, escaped_link)
if ( response.status == 200 ) then if ( response.status == 200 ) then
if ( not(parsed.port) ) then if ( not(parsed.port) ) then
table.insert(backups, table.insert(backups,