Nmap Development mailing list archives

Update to http-wordpress-users.nse


From: Desenvolvimento via dev <dev () nmap org>
Date: Sat, 17 Aug 2019 15:45:54 +0200

Hi,

Been a long time since my last post to this list :P I was making use of the
http-wordpress-users.nse script when I noticed a bug. The regular
expression for the case when the server returns a 200 HTTP status is too
open; it needs to be more specific.

When there is a link similar to the feed link that occurs before the feed
link, the expression will include everything between that initial link and
the feed link. An example output of when this happens follows below.

80/tcp open  http    syn-ack ttl 128
| http-wordpress-users:
| Username found: administrator/" />
| <link rel="alternate" hreflang="nl-NL" href="
http://scanme.nmap.org/author/administrator/" />
|
| (snipped for brevity)
|
| <link rel="alternate" type="application/rss+xml" title="ScanMe &raquo;
Posts by Administrator Feed" href="
http://scanme.nmap.org/author/administrator/

To fix this, the group that matches/captures the author username will only
do so until it finds a forward slash.

Patch follows below, cheers,
Duarte


Index: scripts/http-wordpress-users.nse
===================================================================
--- scripts/http-wordpress-users.nse (revision 37717)
+++ scripts/http-wordpress-users.nse (working copy)
@@ -64,7 +64,7 @@
     elseif req.status == 200 then
       -- Users with no posts get a 200 response, but the name is in an RSS
link.
       -- http://seclists.org/nmap-dev/2011/q3/812
-      local _, _, user = string.find(req.body,
'https?://.-/author/(.-)/feed/')
+      local _, _, user = string.find(req.body,
'https?://.-/author/([^/]+)/feed/')
       return user
     end
   end
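Review bot: The tightened capture `([^/]+)` fixes the over-match in the report (the lazy `(.-)` in the old line could swallow everything up to the `/feed/` of a later link, newlines included, since Lua's `.` matches any byte), but the prefix `https?://.-/author/` is still a lazy any-character match, so the pattern can still start at an unrelated earlier URL and scan across tags before reaching the real `/author/`; only the capture is returned, so the result is correct, but `https?://[^/]+/author/([^/]+)/feed/` would make the host part explicit as well. A short comment on the `+` line saying why the name is restricted to non-slash characters would help the next reader of the script.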
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
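To make the effect of the one-line change concrete, here is a small Lua check, added here as an illustration and not part of the post or of the Nmap script: it runs the old and the new pattern from the patch against a constructed page body modelled on the output shown above (the author links and the RSS feed link are made-up HTML; the hostname is the one from the report).

```lua
-- Added example (not from the patch): old vs. new Lua pattern from
-- http-wordpress-users.nse, run against a constructed page body.
-- The body mimics the report: two author links appear before the
-- RSS feed link whose URL ends in /author/<name>/feed/.
local body = table.concat({
  '<link rel="alternate" hreflang="en-US" href="http://scanme.nmap.org/author/administrator/" />',
  '<link rel="alternate" hreflang="nl-NL" href="http://scanme.nmap.org/author/administrator/" />',
  '<link rel="alternate" type="application/rss+xml" title="ScanMe &raquo; Posts by Administrator Feed"',
  '      href="http://scanme.nmap.org/author/administrator/feed/" />',
}, "\n")

-- Pattern before the patch: the capture (.-) is lazy but may contain
-- anything, including slashes and newlines, so it grows until the
-- first "/feed/" that follows the first "/author/" in the body.
local old_pattern = 'https?://.-/author/(.-)/feed/'

-- Pattern after the patch: the capture cannot contain a slash, so it
-- can only match the name segment directly in front of "/feed/".
local new_pattern = 'https?://.-/author/([^/]+)/feed/'

-- Same call shape as the script: string.find returns start, end, capture.
local function extract(pattern)
  local _, _, user = string.find(body, pattern)
  return user
end

local old_user = extract(old_pattern)
local new_user = extract(new_pattern)

print("old pattern captured: " .. tostring(old_user))
print("new pattern captured: " .. tostring(new_user))

-- The old capture drags in the earlier link markup; the new one is clean.
assert(new_user == "administrator")
assert(old_user ~= "administrator")
assert(string.find(old_user, "<link", 1, true) ~= nil)
```

Running it with any Lua 5.x interpreter prints the over-long capture for the old pattern (starting with `administrator/" />` and continuing through the second `<link>` tag) and exactly `administrator` for the new one, which is the behaviour the patch is after.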