Home page logo
/

nmap-dev logo Nmap Development mailing list archives

http-methods.nse
From: Zack Dela <ny101880 () yahoo com>
Date: Thu, 12 May 2011 06:47:15 -0700 (PDT)

Hi Bernd,

I have tested the NSE http methods and so far the results are great.
The only thing that's missing is the elaboration of the result. Lets take PUT 
and DELETE as example because its where the red flags are.

Sample Result:
Potentially risky methods: DELETE PUT 

Looking at the output, its very straight forward, but usually what comes to mind 
is how to prove that vulnerability.

Would it be possible to also output the instructions on how to replicate/prove 
vulnerability?

Let's say, that below the Potential risky methods column, there should be some 
information on the commands to test if indeed the site is really accepting 
DELETE or PUT file in the site?
Even just a non existent file and nmap would just say that "folder or file not 
found but the execution is successful".

What do you think?

Zack
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
  • http-methods.nse Zack Dela (May 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]