Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Created NSE script to detect Zimbra 0 day
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 19 Dec 2013 12:32:52 -0600

On 12/19/2013 12:10 PM, Ron wrote:
It works if I switch out the string.match() with "==".

I don't know why, though!


On 2013-12-19 11:57, Ron wrote:
>It is indeed returning that value. The string.match() doesn't seem to be
>working, though I don't understand why.
>If I change the code to this:
>if string.match(escape(detection_session.header['content-type']), "application/x-javascript") then
>   stdnse.print_debug(1, "The website may be vulnerable to the Zimbra 0-day.")
>   vuln.state = vulns.STATE.EXPLOIT
>   return vuln_report:make_output(detection_session.body)
>   stdnse.print_debug(1, " \n'" .. escape(detection_session.header['content-type']) .. "' 
>   stdnse.print_debug(1, "Bad content-type for the resource : " .. detection_session.header['content-type'])
>   return
>It prints this:
>'application/x-javascript' !=
>Which makes absolutely no sense.
You need to escape the "-" in the pattern. Lua patterns use weird syntax, explained here: http://www.lua.org/manual/5.2/manual.html#6.4.1

The "-" means "ungreedy 0-or-more," similar to *? in PCRE. The escape character is "%", so your match should be: string.match( whatever, "application/x%-javascript" )

Or, as Ron pointed out, a more strict equality.

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]