Nmap Development mailing list archives
Re: NSE for detecting vulnerable PHP-CGI setups (CVE2012-1823)
From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 5 May 2012 07:55:14 +0200
On Fri, May 4, 2012 at 10:54 PM, Paulino Calderon <paulino () calderonpale com>wrote:
On 04/05/2012 03:35 p.m., Patrik Karlsson wrote: On Fri, May 4, 2012 at 9:25 PM, David Fifield <david () bamsoftware com>wrote:On Fri, May 04, 2012 at 12:30:00PM -0500, Paulino Calderon wrote:Hi list, Here is my script for detecting vulnerable PHP-CGI setups (CVE2012-1823). This is a pretty scary vuln as it affects a lot of installations. Here is the full advisory: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ I'm going to look more into it to write a reliable exploitation script too. So far it seems the -r flag is not available in all the setups and we will need to exploit via RFI to be 100% accurate.Nice, Paulino. Please commit this script. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/Great work! Would attempting to match both the opening and closing tag improve detection? //Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 Hi Patrik, PHP coders sometimes don't use closing tags since they are optional. If we match closing tags in these files, the script will incorrectly report that a host is not vulnerable. Check out: http://php.net/manual/en/language.basic-syntax.instruction-separation.php http://phpstarter.net/2009/01/omit-the-php-closing-tag/ Cheers! -- Paulino Calderón Pale Website: http://calderonpale.com Twitter: http://twitter.com/calderpwn
Ok, thanks. //Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE for detecting vulnerable PHP-CGI setups (CVE2012-1823) Paulino Calderon (May 04)
- Re: NSE for detecting vulnerable PHP-CGI setups (CVE2012-1823) David Fifield (May 04)
- Re: NSE for detecting vulnerable PHP-CGI setups (CVE2012-1823) Patrik Karlsson (May 04)
- Re: NSE for detecting vulnerable PHP-CGI setups (CVE2012-1823) Paulino Calderon (May 04)
- Re: NSE for detecting vulnerable PHP-CGI setups (CVE2012-1823) Patrik Karlsson (May 04)
- Re: NSE for detecting vulnerable PHP-CGI setups (CVE2012-1823) Patrik Karlsson (May 04)
- Re: NSE for detecting vulnerable PHP-CGI setups (CVE2012-1823) David Fifield (May 04)
- Re: NSE for detecting vulnerable PHP-CGI setups (CVE2012-1823) Paulino Calderon (May 07)