Nmap Development mailing list archives
Re: [NSE] http-verb-tamper
From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 9 Nov 2011 11:33:00 +0100
On Tue, Nov 08, 2011 at 11:11:09PM +0100, Patrik Karlsson wrote:
I committed a slightly modified script as r27029. The changes I made were: * If the script argument is a string it's converted to a table * If authentication is not required it's always reported, not only for the jmx-console path.
Patrik perhaps you should also add the vulns.lua support here even if
one of them is a generic vulnerability (without CVE ID), the mandatory
fields are <lua>vuln_table = {title='...', state = ...}"</lua>
In this case you can report two vulnerability entries, and the
'vuln_table.extra_info' field can be used to note the authentication
problem.
Thanks.
--
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-verb-tamper Hani Benhabiles (Nov 04)
- Re: [NSE] http-verb-tamper Patrik Karlsson (Nov 04)
- Re: [NSE] http-verb-tamper Hani Benhabiles (Nov 04)
- Re: [NSE] http-verb-tamper David Fifield (Nov 06)
- Re: [NSE] http-verb-tamper Hani Benhabiles (Nov 07)
- Message not available
- Message not available
- Re: [NSE] http-verb-tamper Patrik Karlsson (Nov 08)
- Re: [NSE] http-verb-tamper Djalal Harouni (Nov 09)
- Re: [NSE] http-verb-tamper Hani Benhabiles (Nov 04)
- Re: [NSE] http-verb-tamper Patrik Karlsson (Nov 04)