Nmap Development mailing list archives
[NSE] Webservers Directory Traversal Vulnerability (under windows)
From: Gutek <ange.gutek () gmail com>
Date: Mon, 24 May 2010 18:22:16 +0200
In the Windows world there seems to be a lot of tiny webservers. Many of them are so tiny that they do not filter anything in the requests, making them some kind of *stars* of the Full Disclosure...

Here is a script that launches a bunch of published payloads against an open webserver, trying to parse the BootLoader (boot.ini) in order to reveal a Directory Traversal vulnerability.

There is an anti-false positive mechanism embedded: the script only returns results if it was able to parse the Boot.ini.

Output:

linux-pb94:/home/Gutek # nmap -PS -n -p80 --script=http-win-dir-traversal.nse 192.168.1.13

Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-05-24 18:09 CEST
NSE: Script Scanning completed.
Nmap scan report for 192.168.1.13
Host is up (0.0014s latency).
PORT   STATE SERVICE
80/tcp open  http
| http-win-dir-traversal: Dir Traversal Found !
| Payload: ..\\..\\..\..\\..\..\\..\..\\\boot.ini
|_PoC: Microsoft Windows XP \x90dition familiale

The script was tested against all vulnerable webservers found at http://hack0wn.com/exploits/remote.php?paginacion=1
Attachment:
http-win-dir-traversal.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
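A defender-side sketch of the request filtering these servers lack, with a log scan for the payload shape shown in the output above. This is an added example, not part of the original post or the attached NSE script; the document root `C:\www`, the function names and the log lines are constructed assumptions.

```python
import ntpath
import re
from urllib.parse import unquote

DOCROOT = r"C:\www"  # assumed document root, not taken from the post
REQUEST_RE = re.compile(r'^(\S+) .*"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def resolve(request_path, docroot=DOCROOT):
    """Return (windows_path, inside_docroot) for a raw HTTP request path."""
    path = request_path.split("?", 1)[0]
    for _ in range(3):  # bounded loop so double percent-encoding is also decoded
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Windows accepts '/' and '\' alike and treats runs of separators as one.
    rel = path.replace("/", "\\").lstrip("\\")
    full = ntpath.normpath(ntpath.join(docroot, rel))
    root = ntpath.normcase(ntpath.normpath(docroot))
    folded = ntpath.normcase(full)
    return full, folded == root or folded.startswith(root + "\\")

def scan(lines):
    """Return (client, raw_path, resolved_path, served) for requests leaving docroot."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, raw_path, status = m.groups()
        full, inside = resolve(raw_path)
        if not inside:
            # A 200 on an escaping path means the server answered the request.
            hits.append((client, raw_path, full, status == "200"))
    return hits

# Constructed access-log lines (Common Log Format), for illustration only.
SAMPLE_LOG = [
    r'192.0.2.10 - - [24/May/2010:18:09:01 +0200] "GET /index.html HTTP/1.1" 200 512',
    r'192.0.2.44 - - [24/May/2010:18:09:02 +0200] "GET /..\\..\\..\..\\..\..\\..\..\\\boot.ini HTTP/1.1" 200 211',
    r'192.0.2.44 - - [24/May/2010:18:09:03 +0200] "GET /%2e%2e%5c%2e%2e%5cboot.ini HTTP/1.1" 404 0',
    r'192.0.2.10 - - [24/May/2010:18:09:04 +0200] "GET /docs/../index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A server applying `resolve` before opening the file would refuse any request whose second return value is `False`; in the log scan, the hits with `served` set are the ones to triage first.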