PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-29 02:49:01 +00:00
Code Issues Projects Releases Wiki Activity

Solves the bug #878. Closes #885

Browse Source
This commit is contained in:
vinamra
2017-06-01 20:27:45 +00:00
parent aedd40ced5
commit be66ffd38a
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
scripts/http-vuln-cve2017-5689.nse
View File

@@ -111,13 +111,15 @@ digest parameter.
if response.header['server'] and response.header['server']:find('Intel(R)', 1, true)
and response.status and response.status == 401 then
local www_authenticate = http.parse_www_authenticate(response.header['www-authenticate'])
local auth_header = string.format("Digest username=\"admin\", realm=\"%s\", nonce=\"%s\", uri=\"index.htm\"," ..
"cnonce=\"%s\", nc=1, qop=\"auth\", response=\"\"", www_authenticate[1]['params']['realm'],
www_authenticate[1]['params']['nonce'], stdnse.generate_random_string(10))
local opt = { header = { ['Authorization'] = auth_header } }
response = http.get(host, port, '/index.htm', opt)
if response.status and response.status == 200 then
vuln.state = vulns.STATE.VULN
if www_authenticate[1]['params'] and www_authenticate[1]['params']['realm'] and www_authenticate[1]['params']['nonce'] then
local auth_header = string.format("Digest username=\"admin\", realm=\"%s\", nonce=\"%s\", uri=\"index.htm\"," ..
"cnonce=\"%s\", nc=1, qop=\"auth\", response=\"\"", www_authenticate[1]['params']['realm'],
www_authenticate[1]['params']['nonce'], stdnse.generate_random_string(10))
local opt = { header = { ['Authorization'] = auth_header } }
response = http.get(host, port, '/index.htm', opt)
if response.status and response.status == 200 then
vuln.state = vulns.STATE.VULN
end
end
end