Nmap Development mailing list archives
Re: http-barracuda-dir-traversal.nse
From: Paulino Calderon <paulino () calderonpale com>
Date: Tue, 28 Jun 2011 18:52:00 -0700
On 06/14/2011 10:10 PM, Brendan Coles wrote:
Updated script attached. I've looped the config matching and changed the portrule to port_or_service (8000, "barracuda", {"tcp"})

On Wed, Jun 15, 2011 at 11:19 AM, David Fifield <david () bamsoftware com> wrote:

On Fri, Jun 10, 2011 at 11:21:00AM +1000, Brendan Coles wrote:

Version 0.2 is attached which implements the suggested changes. A user count is provided, a reference to the full disclosure post was added and error handling was improved.

This looks good to me. Could someone commit it when possible? The only thing that really stands out to me is the repeated code that gets the configuration values--could that be transformed into a loop over a table of variable names?

Perhaps it should run only if service detection finds a Barracuda device? The benefits are that we could make this script default without causing extra traffic to other types of web servers. The downside is that we'll not detect a vulnerability if version detection fails.

I think there's something to be said for making scripts like this run by default when they can be reasonably limited. Otherwise they may exist but never get used except in special circumstances.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Thanks for submitting with this. I've committed this script as revision 24454, but I couldn't add the credentials library support because I don't have access to this device, so maybe someone else can help us with this.
Cheers.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon