mailing list archives
Re: Scanning for WebDAV vulns
From: Ron <ron () skullsecurity net>
Date: Thu, 21 May 2009 09:37:50 -0500
Thomas Buchanan wrote:
I've done a bit of testing on your script against a couple of my
systems, and for the most part it appears to work very well. It
correctly detected WebDAV enabled or disabled on the systems I ran it
against, and also correctly detected that the unpatched systems with
WebDAV enabled were vulnerable. However, I noticed a typo on line 148
(I'm working w/SVN revision 13361) where you have pring_debug instead of
print_debug. This leads to the following error when running with -d and
NSE: http-iis-webdav-vuln threw an error!
./scripts/http-iis-webdav-vuln.nse:148: attempt to call field
'pring_debug' (a nil value)
./scripts/http-iis-webdav-vuln.nse:148: in function
This particular incident was running against a Windows XP machine, IIS
5.1, with WebDAV disabled through registry settings.
The other suggestion that I have is to possibly add port 443 and/or the
service "https" to the portrule, similar to the way http-auth and
http-passwd do. This allows the script to run against secure web
servers without having to perform version scanning with -sV.
Thanks for your great work on this script.
Glad to hear it's working out!
I fixed pring_debug() just now, thanks for catching it.
I'll look into the SSL idea -- I'm not sure if the current http.lua
class supports SSL, but if it doesn't we'll add it.
Thanks for the feedback!
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org