Nmap Development mailing list archives
Re: [nmap-svn] r18544 - nmap/nselib
From: jah <jah () zadkiel plus com>
Date: Fri, 02 Jul 2010 16:21:06 +0100
On 02/07/2010 15:22, David Fifield wrote:
On Fri, Jul 02, 2010 at 04:35:18AM -0700, commit-mailer () insecure org wrote:Author: jah Date: Fri Jul 2 04:35:18 2010 New Revision: 18544 Log: Strip newlines from the the portion of the http status line starting after a space. Modified: nmap/nselib/http.lua Modified: nmap/nselib/http.lua ============================================================================== --- nmap/nselib/http.lua (original) +++ nmap/nselib/http.lua Fri Jul 2 04:35:18 2010 @@ -1348,7 +1348,7 @@ if(space == nil) then return data['status-line'] else - return string.sub(data['status-line'], space + 1) + return (string.sub(data['status-line'], space + 1)):gsub('\r?\n', '') end endWhat's the reason for this? What scripts and libraries does it affect?
Here's an example affecting http-enum: NSE: HTTP: Page didn't match the 404 response (301 Moved Permanently ) (/_vti_txt/) NSE: HTTP: Page didn't match the 404 response (403 Forbidden ) (/images/) NSE: HTTP: Page was '200 OK ', it exists! (/phpmyadmin/) NSE: Found a valid page! (/phpmyadmin/: phpMyAdmin) where the output should look like: NSE: HTTP: Page didn't match the 404 response (301 Moved Permanently) (/_vti_txt/) NSE: HTTP: Page didn't match the 404 response (403 Forbidden) (/images/) NSE: HTTP: Page was '200 OK', it exists! (/phpmyadmin/) NSE: Found a valid page! (/phpmyadmin/: phpMyAdmin) I've been using http-enum a good deal lately, but I have only seen this happen with that one code path. I'm keeping my eye on it, in case there's something wrong beneath the surface. Regards, jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r18544 - nmap/nselib David Fifield (Jul 02)
- Re: [nmap-svn] r18544 - nmap/nselib jah (Jul 02)
- Re: [nmap-svn] r18544 - nmap/nselib David Fifield (Jul 04)
- Re: [nmap-svn] r18544 - nmap/nselib jah (Jul 02)