Nmap Development mailing list archives
Re: [NSE] Created NSE script to detect Zimbra 0 day
From: Paul AMAR <aos.paul () gmail com>
Date: Thu, 19 Dec 2013 09:44:37 +0100
Hi, @George, thanks for adding the script. @Ron, I'm thinking about adding gzip support, I guess I might work on this when I'll have time. And you're definitely right, I'll add the choice for the file (as an argument). Thanks for the feedback ;-) Paul 2013/12/19 Ron <ron () skullsecurity net>
It'd be cool if you could give the filename to read as an argument (defaulting to the config file)! If Nmap doesn't have gzip support, this would be a *great* reason to add it! The issue with the script as-is is, once the vuln is patched, it'll keep reporting it's vulnerable, I think, unless they just delete the file. if you try to grab a "bad" file (like /etc/shadow), everything seem to work fine. Ron On 2013-12-14 13:14, Paul AMAR wrote:Hello all, I developed a NSE script that detects if the host is vulnerable toZimbra 0day which has been released few days (week) ago (exploit here : http://www.exploit-db.com/exploits/30085/). The script detects if the file is present (http status code 200) with a good content-type (application/x-javascript) and give the URL to try itbyyourself. Don't hesitate if you have any feedback. To try this, I had a vulnerable environment with some old VMs running Zimbra. *./nmap -p80 --script http-vuln-0-day-lfi-zimbra 192.168.56.101 -d* Regards, Paul_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 14)
- Re: [NSE] Created NSE script to detect Zimbra 0 day George Chatzisofroniou (Dec 18)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 18)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Daniel Miller (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Robin Wood (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 19)
- <Possible follow-ups>
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 20)