Re: http-axis2-dir-traversal

[Paulino Calderon <paulino () calderonpale com>]

On 07/21/2011 05:03 AM, Fyodor wrote:
> On Fri, Jul 15, 2011 at 06:22:50PM -0700, Paulino Calderon wrote:
> > Hi nmap-dev,
> >
> > description = [[
> > http-axis2-dir-traversal exploits a directory traversal vulnerability in
> > Apache Axis2 version 1.4.1 by sending a specially crafted request to the
> > parameter<code>xsd</code>  (OSVDB-59001). By default it will try to
> > retrieve the configuration file of the Axis2 service
> > <code>'/conf/axis2.xml'</code>  using the path
> > <code>'/axis2/services/'</code>  to return the username and password of
> > the admin account.
> Thanks Paulino.  This looks like a good script.  Here are my small
> suggestions:
>
> o The example in @usage seems to be missing the actual file argument.
>    It would be nice to have both an example of common (no argument)
>    usage, and one where it is downloading another common file such as
>    /etc/passwd or whatever.
>
> o The NSEDoc says "if you wish to retrieve other files you may need to
>    add more "/../" to traverse to the correct folder location."  I
>    think you're talking about adding them to the
>    http-axis2-dir-traversal.file argument, but this should probably be
>    made more clear.
>
> o It is great that it uses the creds library!
>
> o The output should include CVE number or OSVDB or some sort of good
>    reference to the vulnerability.  Maybe you can look at how other
>    'vuln' scripts report things.  Soon, I think Djalal will have a more
>    standardized library for formatting detected vuln output.
>
> After you make these changes, please check it in.
>
> Cheers,
> Fydoor

Commited as r25251.

Cheers.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/