Nmap Development mailing list archives

Re: Possible Bug - [NSE] PHP version disclosure (OSVDB 12184)


From: David Fifield <david () bamsoftware com>
Date: Tue, 10 Aug 2010 13:56:42 -0600

On Tue, Aug 10, 2010 at 08:19:00PM +0200, Gutek wrote:
> Thanks a lot for your attention and reporting this lack of check!
> Please find attached the appropriate patch, tested against both [several
> 30x and 40x] and [positive examples as commented inside the script]

Thanks, I committed this. But I still think it's not 100%. The problem
is that it reports a hash even for hosts that don't use PHP. (They
ignore the magic query string and just return the normal page.)

./nmap --datadir . --script http-php-version scanme.nmap.org -p80

Starting Nmap 5.35DC18 ( http://nmap.org ) at 2010-08-10 13:55 MDT
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (0.066s latency).
PORT   STATE SERVICE
80/tcp open  http
| http-php-version: Logo query returned unknown hash b2a24d35ffb001ed815a41578134bd46
|_Credits query returned unknown hash b2a24d35ffb001ed815a41578134bd46

NSE: Script Post-scanning.
Nmap done: 1 IP address (1 host up) scanned in 8.96 seconds

Could the unknown hashes be printed only in verbose mode? (Remember when
testing that listing a script by name automatically puts it in verbose
mode.)

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
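
The reporting behaviour discussed in this message, as an added Python example that is not part of the original post and is not the NSE script's code. The response bodies, the fingerprint tables, the baseline comparison, and the names report and md5_hex are constructed assumptions; only the idea of printing unknown hashes in verbose mode comes from the message.

```python
import hashlib


def md5_hex(body: bytes) -> str:
    """Hex MD5 of a response body, the form shown in the script output."""
    return hashlib.md5(body).hexdigest()


# Constructed sample bodies standing in for real HTTP responses.
NORMAL_PAGE = b"<html><body>Welcome</body></html>"
FAKE_LOGO = b"GIF89a-constructed-logo-bytes"
FAKE_CREDITS = b"<html><title>Credits</title>constructed</html>"

# Hypothetical fingerprint tables (hash -> label); values are constructed.
KNOWN_LOGO = {md5_hex(FAKE_LOGO): "example-version-A"}
KNOWN_CREDITS = {md5_hex(FAKE_CREDITS): "example-version-A"}


def report(baseline: bytes, logo: bytes, credits: bytes, verbosity: int = 0) -> list:
    """Return the lines a version-fingerprint check should print.

    baseline is the body of the page fetched without any query string.
    A query response identical to it means the server ignored the query,
    so its hash says nothing about PHP and is never reported.
    (Assumption: the page is static between requests.)
    """
    base_hash = md5_hex(baseline)
    lines = []
    for name, body, table in (("Logo", logo, KNOWN_LOGO),
                              ("Credits", credits, KNOWN_CREDITS)):
        digest = md5_hex(body)
        if digest == base_hash:
            continue  # normal page came back: not a PHP fingerprint
        if digest in table:
            lines.append(f"{name} query matches {table[digest]}")
        elif verbosity > 0:
            # Unknown hashes help collect new fingerprints, but are noise
            # in default output, so they appear only in verbose mode.
            lines.append(f"{name} query returned unknown hash {digest}")
    return lines


if __name__ == "__main__":
    # Non-PHP host: every request returns the same page, nothing is printed.
    print(report(NORMAL_PAGE, NORMAL_PAGE, NORMAL_PAGE, verbosity=1))
    # Host with known fingerprints.
    print(report(NORMAL_PAGE, FAKE_LOGO, FAKE_CREDITS))
```
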

