Re: Scanning for WebDAV vulns

[Ron <ron () skullsecurity net>]

Thomas Buchanan wrote:
> Ron,
>
> I've done a bit of testing on your script against a couple of my 
> systems, and for the most part it appears to work very well.  It 
> correctly detected WebDAV enabled or disabled on the systems I ran it 
> against, and also correctly detected that the unpatched systems with 
> WebDAV enabled were vulnerable.  However, I noticed a typo on line 148 
> (I'm working w/SVN revision 13361) where you have pring_debug instead of 
> print_debug.  This leads to the following error when running with -d and 
> --script-trace:
>
> NSE: http-iis-webdav-vuln threw an error!
> ./scripts/http-iis-webdav-vuln.nse:148: attempt to call field 
> 'pring_debug' (a nil value)
> stack traceback:
>         ./scripts/http-iis-webdav-vuln.nse:148: in function 
> <./scripts/http-iis-webdav-vuln.nse:135>
>
> This particular incident was running against a Windows XP machine, IIS 
> 5.1, with WebDAV disabled through registry settings.
>
> The other suggestion that I have is to possibly add port 443 and/or the 
> service "https" to the portrule, similar to the way http-auth and 
> http-passwd do.  This allows the script to run against secure web 
> servers without having to perform version scanning with -sV.
>
> Thanks for your great work on this script.
>
> Thomas
Glad to hear it's working out!

I fixed pring_debug() just now, thanks for catching it.

I'll look into the SSL idea -- I'm not sure if the current http.lua 
class supports SSL, but if it doesn't we'll add it.

Thanks for the feedback!

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org