Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Improvement on CVE 2012-1823
From: George Chatzisofroniou <sophron () latthi com>
Date: Mon, 9 Dec 2013 17:45:24 +0200

Hey Paul,

On Fri, Dec 06, 2013 at 11:16:12PM +0100, Paul AMAR wrote: 
I did some improvements regarding the NSE script CVE 2012-1823.
The attachment file is my improved script.

The previous script is located here :
https://svn.nmap.org/nmap/scripts/http-vuln-cve2012-1823.nse

As asked, I improved the detection method by using an echo command (as
George Chatzisofroniou proposed me)
Morever, I added the possibility to execute a command. (By default the
command is "uname -a")

So basically, to launch the script now, it should be like this :
./nmap -p80 --script http-vuln-cve2012-1823 --script-args
'http-vuln-cve2012-1823.cmd=whoami, http-vuln-cve2012-1823.uri=/'
192.168.56.102

To perform my tests, I used a Virtual machine created by PentesterLab which
creates a vulnerable environment using this flaw.

I commited the new version of the script to the trunk as revision 32557.

Please, make sure to attach a patch for each change rather than the whole file
for your next contributions. It makes it easier to review your changes.

Cheers,

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault