Nmap Development mailing list archives

[NSE] http-cakephp-version: False Positive


From: Tom Sellers <nmap () fadedcode net>
Date: Sun, 29 May 2011 09:33:13 -0500

Paulino,
    It looks like there is a logic bug in http-cakephp-version that results
in 'http-cakephp-version: Version of codebase: 1.3.x' being returned for
any query against an HTTP port where the response is not 200.  File not
found, response 404, and Unauthorized, response 401, are two examples of this.

This can be reproduced using the following command line:

sudo nmap -sSCV -p80 --script=http-cakephp-version.nse www.google.com
80/tcp open  http    Google httpd 2.0 (GFE)
|_http-cakephp-version: Version of codebase: 1.3.x



The problem appears to be in lines 62 and 63, where it reports 1.3.x for
any non-200 response.

58  -- Is /js/vendors.php there?
59  response = http.get(host, port, VENDORS_QUERY)
60  if response.body and response.status == 200 then
61    installation_version = {"1.1.x","1.2.x"}
62  elseif response.status ~= 200 then                    ******
63    installation_version = {"1.3.x"}                    ******
66  end

I would recommend adjusting the logic to include some form of positive
check for the presence of CakePHP and removing the default 1.3.x version
stamp for non-200 HTTP responses.

Thanks much,

Tom


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
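
The recommendation above, sketched as an added example (not part of the original message and not the nmap project's code): the quoted branch logic next to a version gated on a positive CakePHP check. The flag is_cakephp, the function names and the sample responses are assumptions made for illustration; the fingerprint that would set the flag is not specified on this page.

```lua
-- Added example: decision logic only, no network I/O.
-- Each response is a constructed table shaped like the result of http.get().

-- Logic as quoted in the post: any non-200 answer is stamped 1.3.x.
local function original_logic(response)
  if response.body and response.status == 200 then
    return {"1.1.x", "1.2.x"}
  elseif response.status ~= 200 then
    return {"1.3.x"}
  end
end

-- Gated logic: report nothing without positive evidence of CakePHP, and
-- treat a non-200 answer for /js/vendors.php as inconclusive.
-- `is_cakephp` is a hypothetical flag set by a separate fingerprint check;
-- reporting 1.3.x would need its own positive evidence, not shown here.
local function gated_logic(is_cakephp, response)
  if not is_cakephp then return nil end
  if response.status == 200 and response.body then
    return {"1.1.x", "1.2.x"}
  end
  return nil
end

-- Render a version list, or a marker when the script should stay silent.
local function show(v)
  return v and table.concat(v, ",") or "(no output)"
end

-- Constructed sample cases (not captured from real hosts).
local cases = {
  {name = "CakePHP site, vendors.php present", cake = true,
   resp = {status = 200, body = "/* js */"}},
  {name = "non-CakePHP site, 404", cake = false,
   resp = {status = 404, body = "Not Found"}},
  {name = "non-CakePHP site, 401", cake = false,
   resp = {status = 401, body = ""}},
  {name = "non-CakePHP site, 200 catch-all", cake = false,
   resp = {status = 200, body = "<html>"}},
}

for _, c in ipairs(cases) do
  print(string.format("%-36s original=%-12s gated=%s",
    c.name, show(original_logic(c.resp)), show(gated_logic(c.cake, c.resp))))
end
```

Run with a stock Lua interpreter, the 404 and 401 rows show the 1.3.x false positive from the quoted logic and no output from the gated version.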

