Nmap Development mailing list archives
Re: New script for nmap that test XST vulnerability
From: Rob Nicholls <robert () robnicholls co uk>
Date: Fri, 09 Jul 2010 13:01:06 +0100
On Fri, 09 Jul 2010 11:46:23 +0200, Wagiro <Edu () wagiro es> wrote:
I write a new script for nmap. This script test the Cross Site Tracing vulnerability. Nmap have two scripts that test the TRACE method "http-methods and http-trace", but not test the XST vulnerability. The http-methods only test with OPTIONS request, but if OPTION request is disabled and TRACE request enable, this script don't detect the TRACE method. The second script "http-trace" "Sends an HTTP TRACE request and shows header fields that were modified in the response" but not test the XST vulnerability.
Hi Wagiro, Thanks for picking this up, I'd completely forgotten that my modified http-trace script that specifically checks for XST had stalled in its development. http://seclists.org/nmap-dev/2007/q4/617 A script to check this issue would still certainly be useful for me. I'm concerned that your new script doesn't sufficiently check the output to confirm XST, as any server that modifies the trace request (which would probably get flagged by Kri's original script) could potentially generate a false positive (although I admit it's probably unlikely). Is it possible you could modify the script to send a fairly unique (perhaps use random numbers in the alert?) attack and then check the returned body for the malicious string we'd submitted to the server? Cheers, Rob _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- New script for nmap that test XST vulnerability Wagiro (Jul 09)
- Re: New script for nmap that test XST vulnerability Rob Nicholls (Jul 09)
- Re: New script for nmap that test XST vulnerability Wagiro (Jul 09)
- Re: New script for nmap that test XST vulnerability David Fifield (Aug 08)
- Re: New script for nmap that test XST vulnerability Rob Nicholls (Jul 09)