Nmap Development mailing list archives

Re: [NSE] jboss-vuln-cve2010-0738.nse
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 19 Jun 2012 22:51:04 +0200

On Tue, Jun 19, 2012 at 10:42 PM, David Fifield <david () bamsoftware com> wrote:

> On Tue, Jun 19, 2012 at 10:34:18PM +0200, Patrik Karlsson wrote:
>
> > > What needs to change in http-method-tamper in order for it to be able
> > > to detect this vulnerability? It seems to me that it already does, with no
> > > changes? It uses the same /jmx-console path as this exploit script. So
> > > is the only thing different about this new script, the addition of
> > > exploit code?
> >
> > It does detect the vulnerability for the jmx-console path and supports
> > changing path with an argument.
> > What I'm suggesting is to make it more general, as the vulnerability
> > may be present in other java app servers under different paths, as I believe
> > this could be the result of unfortunate configuration. So adding
> > functionality to that script would allow it to be used for more generic
> > and this new script would replace this particular check + add exploit
>
> I tend to think that a targeted list of known susceptible paths will be
> more effective to test by default than a spider. Maybe have a spider as
> an option? I don't care as much about exploitation, and definitely not
> by default.
>
> David Fifield

I totally agree with you on not having the exploitation run by default :)


Patrik Karlsson
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/