PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-10 09:49:05 +00:00
Code Issues Projects Releases Wiki Activity

Corrects a default HTTP redirect rule for hostname/domain matching. Fixes #829

Browse Source
This commit is contained in:
nnposter
2017-04-19 18:35:31 +00:00
parent 17c37b7e8d
commit ab96f9c2e7
1 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
nselib/http.lua
View File

@@ -1483,17 +1483,18 @@ local redirect_ok_rules = {
end, end,
-- Check if the location is within the domain or host -- Check if the location is within the domain or host
--
-- Notes:
-- * A domain match must be exact and at least a second-level domain
-- * ccTLDs are not treated as such. The rule will not stop a redirect
-- from foo.co.uk to bar.co.uk even though it logically should.
function (url, host, port) function (url, host, port)
local hostname = stdnse.get_hostname(host) local hostname = stdnse.get_hostname(host)
if ( hostname == host.ip and host.ip == url.host.ip ) then if hostname == host.ip then
return true return url.host == hostname
end end
local domain = hostname:match("^[^%.]-%.(.*)") or hostname local domain = function (h) return (h:match("%..+%..+") or h):lower() end
local match = ("^.*%s$"):format(domain) return domain(hostname) == domain(url.host)
if ( url.host:match(match) ) then
return true
end
return false
end, end,
-- Check whether the new location has the same port number -- Check whether the new location has the same port number