
Nmap Development mailing list archives

Re: [NSE] Improvement on CVE 2012-1823
From: George Chatzisofroniou <sophron () latthi com>
Date: Mon, 9 Dec 2013 17:45:24 +0200

Hey Paul,

On Fri, Dec 06, 2013 at 11:16:12PM +0100, Paul AMAR wrote:
> I did some improvements regarding the NSE script CVE 2012-1823.
> The attachment file is my improved script.
>
> The previous script is located here:
>
> As asked, I improved the detection method by using an echo command (as
> George Chatzisofroniou proposed to me).
> Moreover, I added the possibility to execute a command. (By default the
> command is "uname -a".)
>
> So basically, to launch the script now, it should be like this:
> ./nmap -p80 --script http-vuln-cve2012-1823 --script-args
> 'http-vuln-cve2012-1823.cmd=whoami, http-vuln-cve2012-1823.uri=/'
>
> To perform my tests, I used a virtual machine created by PentesterLab which
> creates a vulnerable environment using this flaw.
>
> I committed the new version of the script to the trunk as revision 32557.

Please make sure to attach a patch for each change rather than the whole file
for your next contributions. It makes it easier to review your changes.


George Chatzisofroniou
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
