Nmap Development mailing list archives
Re: [NSE] A script for CVE 2014-7236
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Mon, 23 Mar 2015 07:07:38 +0530
Hi, I think staying up all night was a bad idea. Sorry for three consecutive posts on the same thread. I found another small mistake in the script. I forgot to concatenate the 'path' argument with the payload. Plus there was a duplicate in the 'references' field. Please look at the GitHub link [1] for the 'path' update and other updates if any. Hope this was the last bug I find in this script today. [1] https://raw.githubusercontent.com/h4ck3rk3y/nmap/master/test_scripts/http-vuln-cve2014-7236.nse Gyanendra On Mon, Mar 23, 2015 at 6:19 AM, Gyanendra Mishra <anomaly.the () gmail com> wrote:
Hi, Tiny mistake. The script is named wrongly. It should be http-vuln-cve2014-7236.nse. The documentation inside the script has the correct name in @usage and the wrong name in @output. I edited the same and have attached the modified version. Gyanendra On Mon, Mar 23, 2015 at 6:11 AM, Gyanendra Mishra <anomaly.the () gmail com> wrote:Hi, Versions 4.0.x to 6.0.0 have a remote pearl code execution vulnerability as mentioned here[1]. The script attached checks for the same vulnerability. [1]http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236 Gyanendra-- Gyanendra Mishra CS Sophomore BITS PILANI, Pilani Campus email-anomaly.the () gmail com
-- Gyanendra Mishra CS Sophomore BITS PILANI, Pilani Campus email-anomaly.the () gmail com
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] A script for CVE 2014-7236 Gyanendra Mishra (Mar 22)
- Re: [NSE] A script for CVE 2014-7236 Gyanendra Mishra (Mar 22)
- Re: [NSE] A script for CVE 2014-7236 Gyanendra Mishra (Mar 22)
- Re: [NSE] A script for CVE 2014-7236 Gyanendra Mishra (Mar 22)