Hi list,
Not sure if this has been reported yet.
In nmap 4.21 alpha4 I'm running the following scan:

    nmap -sS -p 80 -A -P0 -T4 --osscan_limit --osscan_guess --host_timeout 40m --max-retries 0 -oX - 111.111.111.111

and nmap is generating a service tag with an attribute called extrainfo.
Inside that attribute is data that's not escaped correctly; the "less
than" and "greater than" signs, and the double quotes. This causes the
XML output to be incorrect.
extrainfo="(Unix) mod_fastcgi/2.4.2 mod_ssl/2.8.19 OpenSSL/0.9.6e"
method="probed" conf="10" /><script id="HTML title"
output="www-ccf.fnal.gov Homepage<title><META HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=windows-1252"> <LINK REL="stylesheet"
TYPE="text/css" HREF="/cdincludes/style.css"> <title>Coming soon! CCF
Department file server CCFSRV2 " /></port>
</ports>
I've attached the full xml file if that helps. I did a quick search on
the web for the proper escape sequences. Not entirely sure how correct
that is, but it may be a start.
http://hdf.ncsa.uiuc.edu/HDF5/XML/xml_escape_chars.htm
Thanks!
Tim
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Apr 23 2007
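
The escaping the report above asks for, as an added example that is not part of the original post and is not nmap's own code: a C helper that makes a string safe to place inside a double-quoted XML attribute value. The function name `xml_escape_attr`, the `?` replacement for illegal control characters, and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not nmap's code: escape `in` for use inside a
 * double-quoted XML attribute value. Returns the escaped length,
 * or -1 if `out` (of size `outsz`) is too small. */
long xml_escape_attr(const char *in, char *out, size_t outsz)
{
    size_t o = 0;

    if (outsz == 0)
        return -1;
    for (; *in != '\0'; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;             /* default: copy unchanged */

        switch (*in) {
        case '&':  rep = "&amp;";  break;  /* first, so entities stay unambiguous */
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;  /* would end the attribute early */
        case '\'': rep = "&apos;"; break;
        /* Literal whitespace in an attribute is normalized to a space
         * by parsers; character references keep it intact. */
        case '\t': rep = "&#x9;";  break;
        case '\n': rep = "&#xA;";  break;
        case '\r': rep = "&#xD;";  break;
        default:
            /* Other C0 control characters are not legal in XML 1.0. */
            if ((unsigned char)*in < 0x20)
                rep = "?";
        }
        size_t n = strlen(rep);
        if (o + n >= outsz)                /* keep room for the NUL */
            return -1;
        memcpy(out + o, rep, n);
        o += n;
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    /* Constructed sample modelled on the script output in the report. */
    const char *title = "Homepage<title><META HTTP-EQUIV=\"Content-Type\">";
    char buf[256];

    if (xml_escape_attr(title, buf, sizeof buf) >= 0)
        printf("<script id=\"HTML title\" output=\"%s\" />\n", buf);
    return 0;
}
```

Anything that consumes scan XML can treat a parse failure on such output as a sign that remote-controlled text (here, a page title) reached the document unescaped.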