Re: [NSE] http-verb-tamper

[David Fifield <david () bamsoftware com>]

On Fri, Nov 04, 2011 at 11:04:37PM +0100, Hani Benhabiles wrote:
> On Fri, Nov 4, 2011 at 9:49 PM, Patrik Karlsson <patrik () cqure net> wrote:
>
> > Hi Hani,
> >
> > Thanks for submitting this script! I had a quick look at it and I noticed
> > that the script argument read in the action method does not reflect the one
> > documented in the usage.
>
> Attached the fixed version ! thanks for the catch.
>
>
> > Also, I'm not sure how widespread this vulnerability is and if it would
> > make more sense to target the reported JBoss vulnerability instead? Or
> > maybe have two script, one generic like the one you submitted, and one that
> > targets CVE-2010-738 specifically. While I appreciate that the generic
> > script could be sued to detect CVE-2010-738 I think it would be better to
> > be able to do so without needing to supply the path.
> Yes, I believe it would make sense to implement a script that targets it
> specifically as there is actually a worm that's actively exploiting this
> JBoss vulnerability [1]. Plus, it won't take much work to adapt the generic
> script, just using /jmx-console/ as the path. In both cases, the script
> isn't intrusive as it tests first if there's authentication (401 or 302
> that could be a redirect to a login page.)

I think it should be a script that works for default for the JBoss
vulnerability, and can be adapted to to work for other cases through a
script argument, rather than the other way around. This is what I want:

Change the script name to http-method-tamper.

Change to a script argument http-method-tamper.paths (which is an
array).

Make paths default to {"/jmx-console/"}.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/