Nmap Development mailing list archives

Re: [Request for Testers] CVE-2011-3368 "Reverse Proxy Bypass"
From: David Fifield <david () bamsoftware com>
Date: Wed, 12 Oct 2011 00:06:36 -0700

On Mon, Oct 10, 2011 at 02:34:09PM -0700, Paulino Calderon wrote:

I don't have access to a vulnerable installation but I wanted to
share a couple of things I noticed:

* portrule = shortport.service("http")
It should be portrule = shortport.http if you want it to run against
https servers as well.

* If the pipeline is empty, it will crash. Add a return after the check:

if not bypass_request then
  stdnse.print_debug(1, "%s : got no answers from pipelined queries", SCRIPT_NAME)
  return -- bail out here; the code below takes #bypass_request, which fails on nil
end

Otherwise we get a crash with the trace:
http-reverseproxy-bypass.nse:69: attempt to get length of local
'bypass_request' (a nil value)

I think this is a good idea for an NSE script. I'll set up a
vulnerable installation and report results later.

I also like this script. Let us know how testing goes, Paulino, and if
favorable we'll add it.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
