Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-verb-tamper
From: Hani Benhabiles <kroosec () gmail com>
Date: Fri, 4 Nov 2011 23:04:37 +0100

On Fri, Nov 4, 2011 at 9:49 PM, Patrik Karlsson <patrik () cqure net> wrote:


Hi Hani,

Thanks for submitting this script! I had a quick look at it and I noticed
that the script argument read in the action method does not reflect the one
documented in the usage.


Attached the fixed version ! thanks for the catch.


Also, I'm not sure how widespread this vulnerability is and if it would
make more sense to target the reported JBoss vulnerability instead? Or
maybe have two script, one generic like the one you submitted, and one that
targets CVE-2010-738 specifically. While I appreciate that the generic
script could be sued to detect CVE-2010-738 I think it would be better to
be able to do so without needing to supply the path.


Yes, I believe it would make sense to implement a script that targets it
specifically as there is actually a worm that's actively exploiting this
JBoss vulnerability [1]. Plus, it won't take much work to adapt the generic
script, just using /jmx-console/ as the path. In both cases, the script
isn't intrusive as it tests first if there's authentication (401 or 302
that could be a redirect to a login page.)

[1] http://www.infoq.com/news/2011/10/jboss-worm

Cheers,

--
M. Hani Benhabiles
Blog: http://kroosec.blogspot.com
Twitter: @kroosec

Attachment: http-verb-tamper.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]