Nmap Development mailing list archives

Re: http-barracuda-dir-traversal.nse
From: David Fifield <david () bamsoftware com>
Date: Tue, 14 Jun 2011 18:19:49 -0700

On Fri, Jun 10, 2011 at 11:21:00AM +1000, Brendan Coles wrote:
> Version 0.2 is attached which implements the suggested changes.
>
> A user count is provided, a reference to the full disclosure post was added
> and error handling was improved.

This looks good to me. Could someone commit it when possible?

The only thing that really stands out to me is the repeated code that
gets the configuration values--could that be transformed into a loop
over a table of variable names?

Perhaps it should run only if service detection finds a Barracuda
device? The benefits are that we could make this script default without
causing extra traffic to other types of web servers. The downside is
that we'll not detect a vulnerability if version detection fails. I
think there's something to be said for making scripts like this run by
default when they can be reasonably limited. Otherwise they may exist
but never get used except in special circumstances.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
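
Both suggestions in the message above, sketched as an added example (not part of the original post and not code from the script under review): a table-driven extraction loop, and a rule that runs only when version detection reports a Barracuda product. The setting names, the `name = value` dump format and the product strings are constructed placeholders; `port.version.product` is the field NSE fills in from service detection.

```lua
-- Added illustration; not code from http-barracuda-dir-traversal.nse.
-- Setting names, dump format and product strings below are constructed.

-- One table of names replaces one hand-written extraction per setting.
local SETTINGS = { "example_setting_a", "example_setting_b", "example_setting_c" }

-- Escape Lua pattern magic characters so a name is matched literally.
local function escape_pattern(s)
  return (s:gsub("[%^%$%(%)%%%.%[%]%*%+%-%?]", "%%%0"))
end

-- Return the values found (in table order) and the names that were absent,
-- so the caller can report a partial result instead of failing outright.
local function extract_settings(body, names)
  local found, missing = {}, {}
  local text = "\n" .. body  -- lets every name be anchored to a line start
  for _, name in ipairs(names) do
    local value = text:match("\n" .. escape_pattern(name) .. "%s*=%s*([^\r\n]*)")
    if value then
      found[#found + 1] = { name = name, value = (value:gsub("%s+$", "")) }
    else
      missing[#missing + 1] = name
    end
  end
  return found, missing
end

-- Rule body: true only when version detection (-sV) labelled the service
-- as a Barracuda product. When detection fails, product is nil and the
-- script is skipped, which is the downside noted in the message.
local function is_barracuda(port)
  local product = port.version and port.version.product
  return product ~= nil and product:lower():find("barracuda", 1, true) ~= nil
end

-- Constructed sample input: a response body with one setting absent.
local body = "example_setting_a = 10.0.0.1\nexample_setting_c = on \n"
local found, missing = extract_settings(body, SETTINGS)
for _, item in ipairs(found) do
  print(item.name .. ": " .. item.value)
end
print("missing: " .. table.concat(missing, ", "))

-- Constructed port tables shaped like the one NSE passes to a portrule.
print(is_barracuda({ version = { product = "Barracuda Example Appliance httpd" } }))
print(is_barracuda({ version = { product = "Example httpd" } }))
print(is_barracuda({ version = {} }))
```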
