Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[NSE] POST path handling in http-default-accounts-fingerprints
From: nnposter () users sourceforge net
Date: Fri, 26 Jul 2013 23:10:25 +0000

The following patch allows http-default-accounts-fingerprints.lua to
correctly handle cases where the tested fingerprint path does not end
with "/". Without this patch such fingerprints are broken because
try_http_post_login() simply concatenates the path and the target when
building the login request.

As an example, the current fingerprint for Arris 2307 has path set to
"/logo_t.gif" while the target is "login.cgi". The current behavior is
causing the credentials to be submitted to "/logo_t.giflogin.cgi".
With the patch the credentials are sent to "/login.cgi".

Cheers,
nnposter


Patch against revision 31543 follows:

--- nselib/data/http-default-accounts-fingerprints.lua.orig     2013-07-26 16:05:14.859375000 -0600
+++ nselib/data/http-default-accounts-fingerprints.lua  2013-07-26 16:51:47.859375000 -0600
@@ -47,7 +47,7 @@
 -- @return True if login in was successful
 ---
 local function try_http_post_login(host, port, path, target, failstr, params, follow_redirects)
-    local req = http.post(host, port, path..target, {no_cache=true}, nil, params)
+    local req = http.post(host, port, path:gsub("[^/]+$","")..target, {no_cache=true}, nil, params)
     
     local status = ( req and tonumber(req.status) ) or 0
     if follow_redirects and ( status > 300 and status < 400 ) then
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]