PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-10 09:49:05 +00:00
Code Issues Projects Releases Wiki Activity

Adds http-axis2-dir-traversal:

Browse Source 
http-axis2-dir-traversal exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
This commit is contained in:
paulino
2011-07-24 21:10:04 +00:00
parent c43e0bb970
commit d4054187e4
2 changed files with 189 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
scripts/script.db
View File

@@ -67,6 +67,7 @@ Entry { filename = "hddtemp-info.nse", categories = { "default", "discovery", "s
Entry { filename = "hostmap.nse", categories = { "discovery", "external", "intrusive", } }
Entry { filename = "http-affiliate-id.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-auth.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "http-axis2-dir-traversal.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-barracuda-dir-traversal.nse", categories = { "auth", "exploit", "intrusive", } }
Entry { filename = "http-brute.nse", categories = { "auth", "intrusive", } }
Entry { filename = "http-cakephp-version.nse", categories = { "discovery", "safe", } }