Re: [NSE] http-config-backup

[Riccardo Cecolin <nmap () rikiji de>]

Thanks for trying it, I wrongly called tostring() on an optional
argument of the script and then checked it in an if statement, so
tostring(nil) == "nil" as far as my lua repl says. Changing line 111
from:
local base = tostring(stdnse.get_script_args("http-config-backup.base"))
to
local base = stdnse.get_script_args("http-config-backup.base")
fixed it on my system, was this the source of the bug? Didn't notice
before because i had all the test files in a subdirectory.

Riccardo

On Tue, Feb 14, 2012 at 8:19 PM, David Fifield <david () bamsoftware com> wrote:
> On Tue, Feb 14, 2012 at 08:00:51PM +0100, Riccardo Cecolin wrote:
> > Hi
> >
> > I'm a grad student, I'd like to learn how nmap works and then slowly start
> > contributing to the project.
> > I started choosing a simple script from the "Script Ideas" page and
> > implementing it.
> > Attached to this mail there's "http-config-backup". Let me know what can be
> > fixed/improved.
>
> Thanks, I tried this, but there seems to be a bug. It's requesting URLs
> like
>
> /nil/mt-config.bak
> /nil/LocalSettings copy.php
>
> I ran:
>        ./nmap --script=http-config-backup www.bamsoftware.com -p80 -d --script-trace
>
> I'm attaching the prototype I wrote for this script, in case you want to
> use some of its ideas.
>
> Use the url.build or url.build_path function to do the encoding of
> special characters.
>
> David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/