From e3787f2a37a0c0cfa102c4ec197b4751e4bc2f25 Mon Sep 17 00:00:00 2001 From: tomsellers Date: Wed, 4 Jul 2012 18:54:38 +0000 Subject: [PATCH] Handle exception generated when the spider process hands http-backup-finder a URL that is only a hostname. When url.parse processes this value on line 107 of http-backup-finder it returns nil for the .path property. http-backup-finder.nse:107: attempt to index field 'path' (a nil value) stack traceback: Addressed this by setting nil .path values to '/'. Tested with sites with and without backup files. Verified that duplicate results were not returned. --- scripts/http-backup-finder.nse | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/http-backup-finder.nse b/scripts/http-backup-finder.nse index ae0ccaa77..0efede9f5 100644 --- a/scripts/http-backup-finder.nse +++ b/scripts/http-backup-finder.nse @@ -102,6 +102,11 @@ action = function(host, port) -- parse the returned url local parsed = url.parse(tostring(r.url)) + + -- handle case where only hostname was provided + if ( parsed.path == nil ) then + parsed.path = '/' + end -- only pursue links that have something looking as a file if ( parsed.path:match(".*%.*.$") ) then