It'd be cool if you could give the filename to read as an argument
(defaulting to the config file)! If Nmap doesn't have gzip support, this
would be a *great* reason to add it!
The issue with the script as-is is, once the vuln is patched, it'll keep
reporting it's vulnerable, I think, unless they just delete the file. if
you try to grab a "bad" file (like /etc/shadow), everything seem to work
On 2013-12-14 13:14, Paul AMAR wrote:
I developed a NSE script that detects if the host is vulnerable to
day which has been released few days (week) ago (exploit here :
The script detects if the file is present (http status code 200) with a
Don't hesitate if you have any feedback.
To try this, I had a vulnerable environment with some old VMs running
*./nmap -p80 --script http-vuln-0-day-lfi-zimbra 192.168.56.101 -d*
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/