Nmap Development mailing list archives

Re: [Request for Testers] CVE-2011-3368 "Reverse Proxy Bypass"
From: Michael Meyer <michael.meyer () greenbone net>
Date: Wed, 12 Oct 2011 09:34:51 +0200

*** Gutek <ange.gutek () gmail com> wrote:
 
Yes, that's the key point: getting an error status code, whatever it
could be. Maybe a 30s timeout is, here, too short? On the other hand, a
timeout of >1m could make this script very slow. I have to figure out
the best balance between speed and efficiency.

I'm doing something like the following for OpenVAS at the moment:

,---|
| mime () kira[4]: ~ 0)$ telnet 192.168.2.7 80
| Trying 192.168.2.7...
| Connected to 192.168.2.7.
| Escape character is '^]'.
| GET @6666.6666.6666.6666 HTTP/1.0
|
| HTTP/1.1 200 OK
| Date: Wed, 12 Oct 2011 06:46:28 GMT
| Server: Apache/2.2.10 (Linux/SUSE)
| Vary: accept-language,accept-charset
| Accept-Ranges: bytes
| Content-Type: text/html; charset=iso-8859-1
| Content-Language: en
| Connection: close
|
| [...]
|
|<title>Bad Gateway!</title>
`---|

With such a wrong "ip", a vulnerable server immediately returns a 200 and
"Bad Gateway". Could you confirm that? 

Micha

-- 
Michael Meyer                            OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
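The check Micha describes above, written out as an added example for verifying one's own reverse proxies. This is not the OpenVAS check or the Nmap script under test: it sends the same `GET @6666.6666.6666.6666 HTTP/1.0` line from the telnet session, then classifies the reply using the heuristics discussed in the thread (Micha's "200 OK with a Bad Gateway body" signature, Gutek's "any error status code"), and treats a timeout as inconclusive rather than as a result. The function names, the 30 s default timeout and the sample responses are assumptions constructed here.

```python
"""Probe a reverse proxy you administer for the CVE-2011-3368 behaviour
discussed in the nmap-dev thread and classify its reply.

Added example; not OpenVAS or Nmap code. Function names, the default
timeout and the sample responses below are constructed for illustration.
"""
import socket
from typing import Optional, Tuple

# Request line from the telnet session: an impossible "host" after '@',
# so a server that tries to proxy it must fail rather than succeed.
PROBE = b"GET @6666.6666.6666.6666 HTTP/1.0\r\n\r\n"


def parse_status(raw: bytes) -> Tuple[Optional[int], bytes]:
    """Return (status_code, body) from a raw HTTP/1.x response.

    Returns (None, b"") when the status line cannot be parsed.
    """
    head, _sep, body = raw.partition(b"\r\n\r\n")
    first_line = head.split(b"\r\n", 1)[0]
    parts = first_line.split(b" ", 2)
    if (len(parts) < 2 or not parts[0].startswith(b"HTTP/")
            or not parts[1].isdigit()):
        return None, b""
    return int(parts[1]), body


def classify(raw: Optional[bytes]) -> str:
    """Map a reply (None for a timeout) onto the thread's heuristics."""
    if raw is None:
        return "inconclusive"            # timed out: the timeout trade-off from the thread
    status, body = parse_status(raw)
    if status is None:
        return "inconclusive"            # not HTTP at all
    if status == 200 and b"bad gateway" in body.lower():
        return "likely vulnerable"       # Micha's observation: 200 OK but a Bad Gateway page
    if status >= 500:
        return "possibly vulnerable"     # Gutek's point: an error status, whatever it is
    return "not vulnerable"              # 400/404: the request was rejected, not proxied


def probe(host: str, port: int = 80, timeout: float = 30.0) -> str:
    """Send PROBE to a server you administer and classify the reply.

    The 30 s default is the value questioned in the thread; lower it for
    bulk checks, raise it for slow backends.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(PROBE)
            chunks = []
            while True:
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
        return classify(b"".join(chunks))
    except socket.timeout:
        return classify(None)


# Constructed samples modelled on the reply quoted in the thread and on a
# rejected request; they are not captured traffic.
SAMPLE_VULNERABLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.2.10 (Linux/SUSE)\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"Connection: close\r\n\r\n"
    b"<html><head><title>Bad Gateway!</title></head></html>"
)
SAMPLE_REJECTED = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Connection: close\r\n\r\n"
    b"<html><head><title>Bad Request!</title></head></html>"
)

if __name__ == "__main__":
    for name, sample in (("vulnerable-style", SAMPLE_VULNERABLE),
                         ("rejected", SAMPLE_REJECTED)):
        print(f"{name}: {classify(sample)}")
    print(f"timeout: {classify(None)}")
```

Run it against a host you own with `probe("proxy.example.internal")`; the offline samples exercise only the classifier, which is where the thread's open question (what counts as a positive) actually lives.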

