Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-verb-tamper
From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 9 Nov 2011 11:33:00 +0100

On Tue, Nov 08, 2011 at 11:11:09PM +0100, Patrik Karlsson wrote:
I committed a slightly modified script as r27029.
The changes I made were:
* If the script argument is a string it's converted to a table
* If authentication is not required it's always reported, not only for the
jmx-console path.
Patrik perhaps you should also add the vulns.lua support here even if
one of them is a generic vulnerability (without CVE ID), the mandatory
fields are <lua>vuln_table = {title='...', state = ...}"</lua>

In this case you can report two vulnerability entries, and the
'vuln_table.extra_info' field can be used to note the authentication
problem.

Thanks.

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]