PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 20:51:30 +00:00
Code Issues Projects Releases Wiki Activity
5,019 Commits 2 Branches 0 Tags
3f15b93e98a6905853d1271594c45b51eb669fe0
Commit Graph

15 Commits

Author SHA1 Message Date
robert
d50c58dcc1 Force a match against "^PHP/" (i.e. now with a trailing forward slash) to prevent the "Version from header" from incorrectly matching against the Set-Cookie header with the value "PHPSESSID". This should match PHP/2.x onwards; I'm not sure about earlier versions of PHP as I can't find any references. 
This will no longer match against the generic "X-Powered-By: PHP" (rare?), but that never gave us a version number anyway, so you could consider that a bug too.

We don't currently check for variations such as "Zend Core/2.0.1 PHP/5.2.1", so that could be added in the future, but at least the http-headers script will reveal the X-Powered-By header anyway.
 2011-01-30 11:15:48 +00:00
robert
063e780e1f Updated the hash information to include PHP/5.2.17 (released yesterday). 2011-01-07 10:24:59 +00:00
robert
d8ddf59203 Updated the hash information to include PHP/5.3.5 (released today). 2011-01-06 15:39:35 +00:00
robert
c2305f23a5 Added hashes for PHP 5.2.15 and 5.2.16. 2010-12-26 13:48:06 +00:00
robert
eedd069c9e Added the new hash for PHP 5.3.4 credits and extended the elephant logo hash to include this new version. 2010-12-10 12:14:25 +00:00
robert
e43a866bea Tweaked the versions slightly (removed 4.3.1 from the bunny hash as it looks wrong and hasn't been corroborated), based on 0php.com data. 2010-11-30 09:25:04 +00:00
robert
a92eacec1d Added all missing PHP 5.x hashes and tidied up the output (grouped ranges and made it consistently use a dash). 
Hashes are now arranged in order, to make it easier to find manually.

For a list of all the PHP 5 hashes I generated see: http://seclists.org/nmap-dev/2010/q4/518
 2010-11-27 11:21:36 +00:00
robert
485ee4aded Added a new credits hash for PHP/5.2.2 based on testing with php-5.2.2-Win32.zip. 2010-11-24 15:51:39 +00:00
david
1766507ecf Add a new http-php-version.nse version from a server that said: 
X-Powered-By: PHP/5.1.6
 2010-11-17 22:05:04 +00:00
david
a314b5b7d7 Don't print unknown hashes in http-php-version.nse unless high verbosity 
is used, otherwise you get hashes printed for sites that don't even use
PHP. Patch by Ange Gutek.
 2010-08-16 16:09:56 +00:00
david
d5edc49016 Add patch from Ange Gutek and Tom Sellers to make http-php-version only 
consider responses with a 200 status.
 2010-08-10 19:54:30 +00:00
david
a9b75892f5 Use shortport.http where appropriate. 2010-08-09 22:30:50 +00:00
fyodor
a03bbb206e Remove Ange's email address from http-php-version.nse to match what he uses in http-passwd.nse, ftp-libopie.nse, and ftp-anon.nse author fields (If he wants the email addresses, I'd be happy to put it in all four scripts--I'm just doing a little cleanup for consistency 2010-07-24 05:36:47 +00:00
david
bccb8ead89 Edit some script descriptions for better line breaks when rendered as 
PDF. Some long URLs were replaced by short redirects under
http://nmap.org/r/.
 2010-07-17 16:47:31 +00:00
david
c50c7a2c0b o Added http-php-version.nse from Gutek. This script retrieves 
version-specific pages through a couple of magic PHP queries, which
  can identify the PHP version even when a server doesn't advertise
  it.
 2010-06-18 22:12:17 +00:00