Nmap Development mailing list archives
Re: [NSE] Webservers Directory Traversal Vulnerability (under windows)
From: David Fifield <david () bamsoftware com>
Date: Fri, 18 Jun 2010 16:22:52 -0600
On Mon, May 24, 2010 at 07:04:09PM +0200, Gutek wrote:
Indeed, the goal is the same : revealing a Dir Traversal. However I may be wrong but I think the two approaches are slightly different (without talking about linux vs. windows targets): - http-passwd seems "generic" - oriented as it builds commonly seen ways of trying to reach /etc/passwd : escaping characters, salshing and anti-slashing - http-win-dir-traversal is precisely oriented against payloads published. Let's say, "products - oriented" I have two hypothesis: - H1, keeping those two appart, renaming http-win-dir-traversal to http-boot (to reflect the targeted file, as those two files are OS-symbolic and so self-speaking) - H2 trying to merge those two approaches. I can imagine it could be possible (but a little bit hard, I guess) to, for example, try to guess the plateform and then launch a unix() or a windows() sub routine
I think I prefer H2. I don't think the script needs to decide which file to try to get, /etc/password or boot.ini, just try them both. If you have an OS match, you could use that to eliminate one of the possibilities. After all, trying both files is what will happen anyway if there are two scripts. In the combined script, let's just make sure all the "products-oriented" requests are done by the "generic-oriented" request generator, and then there's no distinction to worry about. Is boot.ini available on recent versions of Windows too? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Webservers Directory Traversal Vulnerability (under windows) Gutek (May 24)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Ron (May 24)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Gutek (May 24)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) David Fifield (Jun 18)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Gutek (Jun 19)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Gutek (Jun 19)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) David Fifield (Jun 22)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Gutek (May 24)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Ron (May 24)