Nmap Development mailing list archives

Re: http-form-brute: uservar bug


From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 11 May 2011 15:07:43 +0200

On 2011-05-11 14:09, Daniel Miller <bonsaiviking () gmail com> wrote:


I got a chance to look at this, and the problem is that the script retrieves
the argument, then checks if uservar OR passvar are not set. If either is
not set, it looks through the page to try to guess the right fields. If it
can't guess, then it sets them BOTH to nil. Here's a patch that checks if
either is set separately and guesses only for the unset field:

Thanks, Josh, for finding and reporting this, and thank you, Daniel, for
taking the time to fix it.
I've committed the patch with a tiny addition of declaring the _ local. It
should be in as r23139.



Index: http-form-brute.nse
===================================================================
--- http-form-brute.nse (revision 23138)
+++ http-form-brute.nse (working copy)
@@ -134,8 +134,12 @@
       local path = nmap.registry.args['http-form-brute.path'] or "/"
       local status, result, engine

-       if ( not(uservar) or not(passvar) ) then
+       if ( not(uservar) and not(passvar) ) then
               uservar, passvar = detectFormFields( host, port, path )
+  elseif ( not(uservar) ) then
+               uservar, _ = detectFormFields( host, port, path )
+  elseif ( not(passvar) ) then
+               _, passvar = detectFormFields( host, port, path )
       end
       if ( not( uservar ) ) then
               return "  \n  ERROR: No uservar was specified (see
http-form-brute.uservar)"
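Review bot: in the two `elseif` branches the throwaway `_` in `uservar, _ = detectFormFields( host, port, path )` and `_, passvar = detectFormFields( host, port, path )` is assigned without a `local` declaration, so it leaks into the script's global environment; add `local _` next to the other locals above the `if` (the reply applying the patch notes that exactly this was added at commit time). All three branches also call `detectFormFields( host, port, path )` with identical arguments, so the same behaviour can be had with one call that only fills in what the user left unset, e.g. `local u, p = detectFormFields( host, port, path )` followed by `uservar = uservar or u` and `passvar = passvar or p`, which removes both the throwaway variable and the duplicated branches. Minor: the added `elseif` lines are indented with spaces while the surrounding lines use tabs.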

Dan

On Tue, May 10, 2011 at 9:49 PM, Josh Greenwood <joshgreenwood () gmail com> wrote:

If I'm reading the documentation correctly, the following scan should work:
./nmap --script http-form-brute --script-args http-form-brute.uservar=username 192.168.0.1

Yet I get the following error:
PORT   STATE SERVICE
80/tcp open  http
| http-form-brute:
|_  ERROR: No uservar was specified (see http-form-brute.uservar)

Am I providing the uservar value incorrectly, or is this a bug?  I'm using
nmap 5.51SVN, revision 23136.

Please let me know if I can provide additional information.

Thanks,
Josh
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

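The failure Josh hit is easiest to see with the script's argument-resolution logic pulled out into a stand-alone Lua script. The following is an added example, not code from http-form-brute.nse or from the Nmap project: it reimplements the pre-patch and patched branches as plain functions, stubs detectFormFields (an assumption; the real function parses the HTTP response) to simulate a page whose form fields cannot be guessed, and runs the four possible combinations of uservar/passvar through both, plus a single-call variant that keeps whatever the user supplied.

```lua
-- Added example (not from http-form-brute.nse): regression check for the
-- uservar/passvar resolution logic discussed in the thread.

-- Stub (assumption): stands in for the script's detectFormFields when the
-- page yields no recognisable login form, which is the case in the report.
local function detect_nothing_found(host, port, path)
  return nil, nil
end

-- Pre-r23139 logic: a single missing variable triggers detection, and the
-- detection result overwrites BOTH variables, even one the user supplied.
local function resolve_old(uservar, passvar, detect)
  if not uservar or not passvar then
    uservar, passvar = detect("target", 80, "/")
  end
  return uservar, passvar
end

-- Patched logic: detect only the variable(s) that are actually unset.
local function resolve_patched(uservar, passvar, detect)
  local _
  if not uservar and not passvar then
    uservar, passvar = detect("target", 80, "/")
  elseif not uservar then
    uservar, _ = detect("target", 80, "/")
  elseif not passvar then
    _, passvar = detect("target", 80, "/")
  end
  return uservar, passvar
end

-- Single-call form with the same semantics: detect once, keep user values.
local function resolve_compact(uservar, passvar, detect)
  if not (uservar and passvar) then
    local u, p = detect("target", 80, "/")
    uservar = uservar or u
    passvar = passvar or p
  end
  return uservar, passvar
end

-- Constructed inputs: every combination of supplied / unset arguments.
local cases = {
  { name = "uservar only (the report)", user = "username", pass = nil },
  { name = "passvar only",              user = nil,        pass = "password" },
  { name = "both set",                  user = "username", pass = "password" },
  { name = "neither set",               user = nil,        pass = nil },
}

for _, c in ipairs(cases) do
  local ou, op = resolve_old(c.user, c.pass, detect_nothing_found)
  local pu, pp = resolve_patched(c.user, c.pass, detect_nothing_found)
  local cu, cp = resolve_compact(c.user, c.pass, detect_nothing_found)
  print(string.format("%-26s old: %s/%s  patched: %s/%s  compact: %s/%s",
    c.name, tostring(ou), tostring(op), tostring(pu), tostring(pp),
    tostring(cu), tostring(cp)))
  -- With detection failing, the patched logic must never drop a supplied
  -- value; the old logic drops "username" in the first case, reproducing
  -- the "No uservar was specified" error from the report.
  assert(pu == c.user and pp == c.pass, "patched logic lost a supplied value")
  assert(cu == pu and cp == pp, "compact form diverges from patched logic")
end
```

Run it with any Lua 5.1+ interpreter; the first line of output shows the old logic returning nil for both fields when only uservar was given, while the patched and compact forms keep "username" and leave passvar unset, so the script can then report the genuinely missing variable instead of the one the user supplied.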