Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: script category selection bug - was: Script force
From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 5 Dec 2011 23:24:02 +0100

On Mon, Dec 05, 2011 at 12:18:50PM -0500, Patrick Donnelly wrote:
On Mon, Dec 5, 2011 at 10:38 AM, Djalal Harouni <tixxdz () opendz org> wrote:
Yes the substring becomes empty but this will not trigger the bug.

This bug was present before this patch, you can test it with this:
--script="foo(default and vuln)"

There is no vulnerability here. The parser should probably emit an
error but I'm not sure it's worth it.
Ok Patrick. I've attached a simple patch to raise an error.

--script="foo(default and vuln)"

NSE: failed to initialize the script engine:
/mnt/opensource/code/nmap/nmap-trunk/nse_main.lua:581: Bad script rule:
        foo(default and vuln) -> script rule expression not supported.
stack traceback:
...

-- 
tixxdz
http://opendz.org

Attachment: script_category_fix.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]