Nmap Development mailing list archives

Re: Get value in IncompleteRead exception


From: nnposter <nnposter () users sourceforge net>
Date: Sun, 12 Mar 2017 12:57:11 -0600

On 3/12/17 12:26 PM, Vinamra Bhatia wrote:
Thanks a lot for the response.
However, http.post returns a status code of 400. What I am trying to
implement is given in a PoC here
https://github.com/nixawk/labs/blob/master/CVE-2017-5638/exploit-urllib2.py
When I run an http.post request with the header as given in the PoC
against a vulnerable Apache Struts2 web app set up on my localhost, I
get the response.status as 400 and response.body as blank.

The patch only works on incomplete response bodies.

If in your case the response processing does not even reach that point
then your best bet at this point might be to forego the http library and
instead hand-roll the request.

Cheers,
nnposter