Re: Get value in IncompleteRead exception

[Vinamra Bhatia <vinamrabhatia8 () gmail com>]

Hey, it did work! Thanks a lot.
I was just perplexed about what issues will the patch cause if put in the
main trunk.
Besides, i am looking for some new ideas for vulnerability script.
Cheers
Vinamra

On Mar 14, 2017 4:21 AM, "nnposter" <nnposter () users sourceforge net> wrote:

> On 3/13/17 3:47 PM, Vinamra Bhatia wrote:
> > Greetings All,
> > So i spent my day figuring out the stuffs. I was wrong when i said that
> > my response.status is 400 in case of vulnerable web path.
> > I was getting a nil response when i was trying to do response.post with
> > the specially configured payload.
> > So, I tried to apply the patch sent by you and see if I can get the
> > partial output, but I didnt.
> > response.partial was still returning me nil. I tried going through
> > http.lua code to see what can be done to do that but didnt succeed in
> that.
> > I used WireShark to capture the TCP Stream to see what actually i was
> > receiving.
> > I am attaching the WireShark TCP Stream. As the response was broken(The
> > vulnerabilty is such that we receive a broken response on this
> > particular payload against vulnerable host and Content-Type was missing
> > in response.header in TCPStream attached below), The http.post was only
> > returning nil values. Anyways, a much cleaver idea has already been
> > implemented in a script for the same issue.
> > I still feel that there should be a way to return partial as it might
> > make things easier in some cases and I will try to work on the same.
>
> The stream appears to be missing the terminating chunk. Please roll back
> the previous patch and give this updated patch a try.
>
> If it still does not work then please attach the actual pcap (not just a
> stream dump) and the output from your script with -d -d .
>
> Cheers,
> nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/