Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Scanning for WebDAV vulns
From: Ron <ron () skullsecurity net>
Date: Thu, 21 May 2009 09:37:50 -0500

Thomas Buchanan wrote:
Ron,

I've done a bit of testing on your script against a couple of my systems, and for the most part it appears to work very well. It correctly detected WebDAV enabled or disabled on the systems I ran it against, and also correctly detected that the unpatched systems with WebDAV enabled were vulnerable. However, I noticed a typo on line 148 (I'm working w/SVN revision 13361) where you have pring_debug instead of print_debug. This leads to the following error when running with -d and --script-trace:

NSE: http-iis-webdav-vuln threw an error!
./scripts/http-iis-webdav-vuln.nse:148: attempt to call field 'pring_debug' (a nil value)
stack traceback:
./scripts/http-iis-webdav-vuln.nse:148: in function <./scripts/http-iis-webdav-vuln.nse:135>

This particular incident was running against a Windows XP machine, IIS 5.1, with WebDAV disabled through registry settings.

The other suggestion that I have is to possibly add port 443 and/or the service "https" to the portrule, similar to the way http-auth and http-passwd do. This allows the script to run against secure web servers without having to perform version scanning with -sV.

Thanks for your great work on this script.

Thomas
Glad to hear it's working out!

I fixed pring_debug() just now, thanks for catching it.

I'll look into the SSL idea -- I'm not sure if the current http.lua class supports SSL, but if it doesn't we'll add it.

Thanks for the feedback!

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]