From 51b9dd426b6101d889ee61d2ea83149edd4e7213 Mon Sep 17 00:00:00 2001 From: ron Date: Tue, 19 May 2009 21:27:05 +0000 Subject: [PATCH] Added a check at the start for a password-protected root folder. Prevents checking if we can't get useful results. --- scripts/http-webdav-unicode-bypass.nse | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/http-webdav-unicode-bypass.nse b/scripts/http-webdav-unicode-bypass.nse index d6e082f9d..258da0852 100644 --- a/scripts/http-webdav-unicode-bypass.nse +++ b/scripts/http-webdav-unicode-bypass.nse @@ -89,7 +89,6 @@ local function go(host, port) local results = {} local is_vulnerable = true - local folder_file if(nmap.registry.args.folderdb ~= nil) then folder_file = nmap.fetchfile(nmap.registry.args.folderdb) @@ -134,6 +133,12 @@ local function go(host, port) end action = function(host, port) + -- Start by checking if '/' is protected -- if it is, we can't do the tests + local result = go_single(host, port, "/") + if(result == enum_results.NOT_VULNERABLE) then + return "Could not determine vulnerability, since root folder is password protected" + end + if(nmap.registry.args.webdavfolder ~= nil) then local folder = nmap.registry.args.webdavfolder local result = go_single(host, port, "/" .. folder)