Nmap Development mailing list archives

Re: Http-vuln-cve2011-3192


From: Duarte Silva <duarte.silva () serializing me>
Date: Mon, 12 Sep 2011 19:41:11 +0100

Hi Thomas,

when testing scripts it's very useful to use the --script-trace argument of 
nmap. For example, if you do this:

nmap -n -v -sT -pT:80 www.nmap.org --script http-vuln-cve2011-3192 --script-trace

You will notice in the output that the server returns a 301, Moved 
Permanently, and the correct address is http://nmap.org instead of 
www.nmap.org. So using the address returned in the 304

nmap -n -v -sT -pT:80 nmap.org --script http-vuln-cve2011-3192 --script-trace

The server will return a 200, OK, meaning the server isn't vulnerable (in this 
case it seems that the server does not allow the ranges altogether).

In relation to the path argument, for example, imagine that the web server in 
nmap.org:80 is a reverse proxy, and you know that requests sent to 
nmap.org/docs are redirected to another web server behind the reverse proxy, 
then you should use http-vuln-cve2011-3192.path argument in order to test the 
web server behind the reverse proxy.

nmap -n -v -sT -pT:80 nmap.org --script http-vuln-cve2011-3192 --script-args="http-vuln-cve2011-3192.path=/docs/" --script-trace

Hope it helped, best regards,
Duarte Silva


On Monday 12 September 2011 18:59:30 you wrote:
Hi Duarte,

I found your great script
http://nmap.org/nsedoc/scripts/http-vuln-cve2011-3192.html and have small
questions to you:

1) I read the nse but I still do not know exactly the syntax for
--script-args http-vuln-cve2011-3192.path. How do I set, for example, the
path for www.nmap.org/docs:
--script-args http-vuln-cve2011-3192.path=/docs ?

2) Do you plan to check in the next versions as well for vulnerability for
the old Apache 2.0.x and not only the versions 2.2.x? I have an "old"
Apache 2.2 and through the very complicated PHP scripts I can not upgrade
fast.

Best Regards
Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
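The two points in Duarte's reply (a 301 has to be followed before the result means anything, and the probed path matters when a reverse proxy fronts several back-ends) can be reproduced without a real target. The following is an added example, not code from the thread or from the Nmap project: it runs a constructed local HTTP server (FakeOrigin, a hypothetical stand-in whose paths /old, / and /docs/ imitate a redirect, a server that ignores Range, and a back-end that honours it) and a small probe that sends one benign single-byte Range header, follows redirects, and reports whether the final server answered 206 (ranges honoured) or 200 (ranges ignored). It deliberately sends only one range, not the many-range request the CVE is about.

```python
"""Added example: Range-header probe with redirect handling and a path argument.
Everything below is constructed for illustration; it is not the NSE script."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 307, 308)


class FakeOrigin(BaseHTTPRequestHandler):
    """Constructed local test server (hypothetical): /old redirects to /,
    / ignores Range and returns 200, /docs/ honours Range and returns 206."""

    def do_GET(self):
        host, port = self.server.server_address
        if self.path == "/old":
            # Like www.nmap.org in the thread: the answer is a 301, not a verdict.
            self.send_response(301)
            self.send_header("Location", f"http://{host}:{port}/")
            self.send_header("Content-Length", "0")
            self.end_headers()
        elif self.path.startswith("/docs/") and "Range" in self.headers:
            # Back-end behind the "reverse proxy": partial content for a Range.
            body = b"d"
            self.send_response(206)
            self.send_header("Content-Range", "bytes 0-0/100")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            # Front-end ignores Range altogether: a plain 200 with the whole body.
            body = b"hello"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def probe(host, port, path="/", max_redirects=3):
    """Send GET <path> with a single benign Range and return (status, final_url).
    Redirects are followed so the verdict is taken from the real destination."""
    for _ in range(max_redirects + 1):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", path, headers={"Host": host, "Range": "bytes=0-0"})
        resp = conn.getresponse()
        resp.read()
        location = resp.getheader("Location")
        conn.close()
        if resp.status in REDIRECT_CODES and location:
            parts = urlsplit(location)
            host = parts.hostname or host
            port = parts.port or port
            path = parts.path or "/"
            continue
        return resp.status, f"http://{host}:{port}{path}"
    raise RuntimeError("too many redirects")


def classify(status):
    """Map the final status to the meaning used in the thread."""
    if status == 206:
        return "ranges honoured: run the script's full check"
    if status == 200:
        return "ranges ignored: not affected by the Range handling issue"
    return f"unexpected status {status}: inspect with --script-trace"


def run_demo():
    """Start the constructed server, probe three paths, return {path: (status, url)}."""
    server = HTTPServer(("127.0.0.1", 0), FakeOrigin)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    try:
        return {p: probe(host, port, p) for p in ("/old", "/", "/docs/")}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for path, (status, url) in run_demo().items():
        print(f"{path:7} -> {status} at {url}: {classify(status)}")
```

Run it as a script: /old ends up as a 200 at / after the redirect is followed (the www.nmap.org case), / is a 200 (the front-end does not honour ranges), and /docs/ is a 206, which is the situation the path argument exists for.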
