Re: [NSE] POST path handling in http-default-accounts-fingerprints

[nnposter () users sourceforge net]

George Chatzisofroniou wrote:
> On Fri, Jul 26, 2013 at 11:10:25PM +0000, nnposter () users sourceforge net wrote:
> > The following patch allows http-default-accounts-fingerprints.lua to
> > correctly handle cases where the tested fingerprint path does not end
> > with "/". Without this patch such fingerprints are broken because
> > try_http_post_login() simply concatenates the path and the target when
> > building the login request.
> >
> > As an example, the current fingerprint for Arris 2307 has path set to
> > "/logo_t.gif" while the target is "login.cgi". The current behavior is
> > causing the credentials to be submitted to "/logo_t.giflogin.cgi".
> > With the patch the credentials are sent to "/login.cgi".
>
> I don't really like the concatenation that occurs there. Why not simply pass the
> path of the login form?
>
> Like this,

> - return try_http_post_login(host, port, path, "index.php", "Invalid User Name/Password", {action="login", 
> login_username=user, login_password=pass}, false)
> + return try_http_post_login(host, port, path, "/cacti/index.php", "Invalid User Name/Password", {action="login", 
> login_username=user, login_password=pass}, false)

I do not think that this would work. The idea is that the fingerprint
can have multiple probe paths (see the Cisco fingerprint) and then to
test the login page that is in the same location as a probe path that
succeeded. Also, this would break the basepath feature.

Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/