Nmap Development mailing list archives
Re: Scanning for WebDAV vulns
From: Thomas Buchanan <tbuchanan () thecompassgrp net>
Date: Wed, 20 May 2009 22:05:02 -0500
Ron wrote:
Hi again, We've made a number of updates to the script, mostly written by a friend of mine, including: 1) Adding support for discovering whether or not WebDAV is enabled 2) Checking if root folder is protected (we can't do checks if it is) 3) We support Windows XP (IIS 5.1) now. I've committed that change to SVN if anybody wants to give it a try -- please test it if you can, and let me know if you get any weird errors. We tried to account for every situation. Also, if anybody knows how to exploit this on IIS 5.0 (Windows 2000), please let me know -- we couldn't figure out a way. Ron
Ron,I've done a bit of testing on your script against a couple of my systems, and for the most part it appears to work very well. It correctly detected WebDAV enabled or disabled on the systems I ran it against, and also correctly detected that the unpatched systems with WebDAV enabled were vulnerable. However, I noticed a typo on line 148 (I'm working w/SVN revision 13361) where you have pring_debug instead of print_debug. This leads to the following error when running with -d and --script-trace:
NSE: http-iis-webdav-vuln threw an error!./scripts/http-iis-webdav-vuln.nse:148: attempt to call field 'pring_debug' (a nil value)
stack traceback:./scripts/http-iis-webdav-vuln.nse:148: in function <./scripts/http-iis-webdav-vuln.nse:135>
This particular incident was running against a Windows XP machine, IIS 5.1, with WebDAV disabled through registry settings.
The other suggestion that I have is to possibly add port 443 and/or the service "https" to the portrule, similar to the way http-auth and http-passwd do. This allows the script to run against secure web servers without having to perform version scanning with -sV.
Thanks for your great work on this script. Thomas _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Scanning for WebDAV vulns Ron (May 19)
- Re: Scanning for WebDAV vulns Ron (May 20)
- Re: Scanning for WebDAV vulns Thomas Buchanan (May 20)
- Re: Scanning for WebDAV vulns Ron (May 21)
- Re: Scanning for WebDAV vulns Thomas Buchanan (May 20)
- Re: Scanning for WebDAV vulns Thierry Zoller (May 20)
- Re: Scanning for WebDAV vulns Ron (May 20)
- Re: Scanning for WebDAV vulns Ron (May 20)
- Re[2]: Scanning for WebDAV vulns Thierry Zoller (May 21)
- Re: Scanning for WebDAV vulns Ron (May 20)
- Re: Scanning for WebDAV vulns Ron (May 20)