mailing list archives
From: Zack Dela <ny101880 () yahoo com>
Date: Thu, 12 May 2011 06:47:15 -0700 (PDT)
I have tested the NSE http methods and so far the results are great.
The only thing that's missing is the elaboration of the result. Lets take PUT
and DELETE as example because its where the red flags are.
Potentially risky methods: DELETE PUT
Looking at the output, its very straight forward, but usually what comes to mind
is how to prove that vulnerability.
Would it be possible to also output the instructions on how to replicate/prove
Let's say, that below the Potential risky methods column, there should be some
information on the commands to test if indeed the site is really accepting
DELETE or PUT file in the site?
Even just a non existent file and nmap would just say that "folder or file not
found but the execution is successful".
What do you think?
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- http-methods.nse Zack Dela (May 12)