Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: http-lfi.nse
From: Ron <ron () skullsecurity net>
Date: Tue, 5 Jun 2012 08:52:16 -0500

On Sat, 2 Jun 2012 20:21:19 +0530 SAN THO <saminside34 () gmail com> wrote:
Hi Nmap-Dev,

  attaching my new NSE. looking forward to hear your feedback on this

--
Thanks,
SANTHO
twitter : @sam34_ <http://twitter.com/sam34_>

This code:
        local param = tostring(nmap.registry.args[SCRIPT_NAME .. '.param'])
        local cookie = tostring(nmap.registry.args[SCRIPT_NAME .. '.cookie'])
        local resource = tostring(nmap.registry.args[SCRIPT_NAME .. '.resource'])

Should use stdnse.get_script_args(). I believe the syntax (it's been awhile since I've done this) should be:

local param, cookie, resource = get_script_args('param', 'cookie', 'resource')

That being said, it seems kinda pointless to have a script where the user has to provide a param/cookie/resource. If I 
already have an idea of which param is going to be vulnerable to LFI - and, worse yet, I already know which file I want 
to resource - I don't need Nmap to check it for me. I can just check it in a browser or Burp Suite or any number of 
tools. 

I can only see this being useful if it automatically checks all parameters discovered by http-spider.nse.

Ron
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault