Patch to fix script issue when scanning HTTP servers that return 200 to every request. This causes the sanity check on line 88 to fail to trigger because the header value Server is nil.

Implemented a check to if the target is returning 200 to all requests. Also implemented additional logic on line 84 to verify that the Server header value is not nil. This is just in case we run into another case where a response is 200 but the Server header does not exist.
2025-12-24 08:29:04 +00:00 · 2012-07-04 15:16:46 +00:00
parent 17fe702314
commit 71439bcfac
1 changed files with 7 additions and 1 deletions
--- a/scripts/membase-http-info.nse
+++ b/scripts/membase-http-info.nse
@@ -81,7 +81,7 @@ local order = {
 local function cmdReq(host, port, url, result)
 	local response = http.get(host, port, url)
 	
-	if ( 200 ~= response.status ) then
+	if ( 200 ~= response.status ) or ( response.header['server'] == nil ) then
 		return false
 	end
 	
@@ -120,6 +120,12 @@ local function cmdReq(host, port, url, result)
 end

 action = function(host, port)
+  
+  -- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
+  local _, http_status, _ = http.identify_404( host.ip,port)
+  if ( http_status == 200 ) then
+    return false
+  end

 	local urls = { "/pools/default/buckets", "/pools" }