Nmap Development mailing list archives

Re: [patch] Make sql-injection.nse use httpspider


From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 5 Feb 2012 14:50:44 +0100

On Fri, Feb 3, 2012 at 8:19 AM, Lauri Kokkonen
<lauri.u.kokkonen () gmail com> wrote:

The attached patch (against r28007) gets rid of the HTTP crawling code in
sql-injection.nse and replaces it by using the Crawler interface. Everything
else is kept as it was.

I am using LinkExtractor to extract all links from the page returned by
crawl(), so to avoid doing that twice it might be useful to add a method to
Crawler that returns all URLs encountered so far.

Also, while testing the script I found a bug in httpspider: checking that a
URL is within a host or domain should try to match the hostname only at the
beginning of the URL because it might also be embedded in a query.

Lauri

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Thanks Lauri! I've committed your changes as r28014.
I noticed that the code for supporting redirect was taken out of the new
version. One would assume that the spider/http library already supports this,
but unfortunately it doesn't.
Anyway, it's not a big problem though, as I will be committing a patch for
this within the next few days.

Thanks,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
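
The scope check described in the quoted message, as an added example that is not part of the thread and is not code from httpspider or the patch: it contrasts an unanchored substring match with a comparison against the parsed host. All function names and sample URLs are constructed for illustration, and the samples cover a few cases beyond the embedded-query one mentioned in the message.

```lua
-- Added illustration; not code from httpspider or sql-injection.nse.
-- Function names are hypothetical and the sample URLs are constructed.

-- Unanchored check: true if the hostname occurs anywhere in the URL.
local function naive_within_host(url, host)
  return url:lower():find(host:lower(), 1, true) ~= nil
end

-- Return the lower-cased host from an absolute URL's authority, or nil.
local function url_host(url)
  local authority = url:match("^%a[%w+.%-]*://([^/?#]*)")
  if not authority then return nil end        -- relative link: resolve it first
  authority = authority:gsub("^.*@", "")      -- drop any userinfo
  local host = authority:match("^(%[.-%])")   -- bracketed IPv6 literal
            or authority:match("^([^:]*)")    -- otherwise strip :port
  return host:lower()
end

-- Anchored check: compare only the parsed host, never the path or query.
local function within_host(url, host)
  return url_host(url) == host:lower()
end

-- Domain check: exact match, or a subdomain ending on a dot boundary.
local function within_domain(url, domain)
  local h = url_host(url)
  if not h then return false end
  domain = domain:lower()
  return h == domain or h:sub(-(#domain + 1)) == "." .. domain
end

local samples = {
  "http://www.example.com/index.php?id=1",
  "HTTP://WWW.EXAMPLE.COM:8080/a",
  "http://other.test/redirect?url=http://www.example.com/",
  "http://www.example.com.other.test/",
  "http://user@other.test/?ref=www.example.com",
  "/relative/path?site=www.example.com",
}

for _, u in ipairs(samples) do
  print(string.format("naive=%-5s host=%-5s domain=%-5s %s",
    tostring(naive_within_host(u, "www.example.com")),
    tostring(within_host(u, "www.example.com")),
    tostring(within_domain(u, "example.com")), u))
end
```

Relative links return no host here and are treated as out of scope; a crawler would resolve them against the page's base URL before running the check.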