Re: [Request for Testers] CVE-2011-3368 "Reverse Proxy Bypass"
From: David Fifield <david () bamsoftware com>
Date: Wed, 12 Oct 2011 00:06:36 -0700
On Mon, Oct 10, 2011 at 02:34:09PM -0700, Paulino Calderon wrote:
I don't have access to a vulnerable installation but I wanted to
share a couple of things I noticed:
* portrule = shortport.service("http")
It should be portrule = shortport.http if you want it to run against
https servers as well.
* If the pipeline is empty, it will crash. Add a return after the check:

    if not bypass_request then
      stdnse.print_debug(1, "%s : got no answers from pipelined", SCRIPT_NAME)
      return
    end

  Otherwise we get a crash with the trace:

    http-reverseproxy-bypass.nse:69: attempt to get length of local
    'bypass_request' (a nil value)
I think this is a good idea for an NSE script. I'll set up a
vulnerable installation and report results later.
I also like this script. Let us know how testing goes, Paulino, and if
favorable we'll add it.
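The two points raised in this thread, the port rule and the nil guard around the pipelined responses, put together in a small NSE script. This is an added illustration, not the script under test in the thread and not Nmap's own http-vuln-cve2011-3368. It assumes the CVE-2011-3368 probe form (a request target such as "@localhost/" with no leading slash, which a RewriteRule-based proxy turns into a URL whose userinfo part swallows the intended backend) and a decision rule of this example's own making: a loopback probe answered normally together with a gateway error for an assumed-closed port. The API calls (shortport.http, http.pipeline_add, http.pipeline_go, stdnse.print_debug, the SCRIPT_NAME global) are real NSE APIs of the 2011 era; everything else is an assumption.

```lua
-- Example NSE script added for illustration; not the script discussed in the thread.
-- Assumptions: the "@localhost" probe paths and the status-based decision rule below.
description = [[
Checks whether a reverse proxy forwards request targets of the form
"@host/..." (no leading slash) to an unintended host (CVE-2011-3368).
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"vuln", "intrusive"}

local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

-- shortport.http matches both http and https services;
-- shortport.service("http") would skip the TLS variants.
portrule = shortport.http

-- Probe targets (assumption): a loopback service the proxy can reach, and a
-- loopback port assumed to be closed so that a forwarded request fails at the gateway.
local PROBE_OPEN = "@localhost/"
local PROBE_CLOSED = "@localhost:1/"

-- pipeline_go entries can carry a nil status when a single exchange failed
local function status_of(resp)
  return resp and resp.status or nil
end

action = function(host, port)
  local all = {}
  -- http.pipeline_add(path, options, all_requests, method)
  all = http.pipeline_add(PROBE_OPEN, nil, all, "GET")
  all = http.pipeline_add(PROBE_CLOSED, nil, all, "GET")

  local responses = http.pipeline_go(host, port, all)
  -- The guard from the thread: pipeline_go returns nil (not an empty table) on
  -- failure, so indexing or taking the length of the result would crash here.
  if not responses then
    stdnse.print_debug(1, "%s: got no answers from pipelined requests", SCRIPT_NAME)
    return
  end

  local open_status = status_of(responses[1])
  local closed_status = status_of(responses[2])
  if not (open_status and closed_status) then
    stdnse.print_debug(1, "%s: incomplete pipeline responses", SCRIPT_NAME)
    return
  end

  -- Decision rule (assumption): a proxy that rewrote "@localhost..." into the
  -- host part of the backend URL serves the loopback probe and returns a
  -- gateway error for the closed port; an unaffected server treats both
  -- targets as malformed or not-found paths and answers them alike.
  local gateway_error = closed_status == 502 or closed_status == 503 or closed_status == 504
  if open_status < 400 and gateway_error then
    return string.format("Reverse proxy bypass likely: %s -> %d, %s -> %d",
      PROBE_OPEN, open_status, PROBE_CLOSED, closed_status)
  end

  stdnse.print_debug(1, "%s: no bypass indication (%d / %d)",
    SCRIPT_NAME, open_status, closed_status)
  return nil
end
```

Run it against a test host with `nmap -p 80,443 --script ./example-proxy-bypass.nse -d1 <target>` so the debug lines are visible; with `-d1` the nil-guard branch reports itself instead of dying with the "attempt to get length of local" trace quoted above.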
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/