Re: [NSE] http-verb-tamper

[Hani Benhabiles <kroosec () gmail com>]

On Fri, Nov 4, 2011 at 9:49 PM, Patrik Karlsson <patrik () cqure net> wrote:

> Hi Hani,
>
> Thanks for submitting this script! I had a quick look at it and I noticed
> that the script argument read in the action method does not reflect the one
> documented in the usage.

Attached the fixed version ! thanks for the catch.


> Also, I'm not sure how widespread this vulnerability is and if it would
> make more sense to target the reported JBoss vulnerability instead? Or
> maybe have two script, one generic like the one you submitted, and one that
> targets CVE-2010-738 specifically. While I appreciate that the generic
> script could be sued to detect CVE-2010-738 I think it would be better to
> be able to do so without needing to supply the path.
Yes, I believe it would make sense to implement a script that targets it
specifically as there is actually a worm that's actively exploiting this
JBoss vulnerability [1]. Plus, it won't take much work to adapt the generic
script, just using /jmx-console/ as the path. In both cases, the script
isn't intrusive as it tests first if there's authentication (401 or 302
that could be a redirect to a login page.)

[1] http://www.infoq.com/news/2011/10/jboss-worm

Cheers,

--
M. Hani Benhabiles
Blog: http://kroosec.blogspot.com
Twitter: @kroosec

Attachment: http-verb-tamper.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/