Nmap Development mailing list archives
Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection)
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 2 Jan 2012 10:45:25 +0100
On Mon, Jan 2, 2012 at 12:32 AM, Hani Benhabiles <kroosec () gmail com> wrote:
Hi Patrik, I've fixed this issue by adding matching tests in the attached version. -- Matching returned response body to confirm vulnerability local matchstart = '<?xml version="1.0" encoding="utf-8"?>' local matchend = '</string><null/></object></body></amfx>' local matchsize = 120 local matchnotvuln = '<string>External entities are not allowed</string>' Cheers, Hani. Hi Hani,
I cleanup up some indentation and added support for vuln output using the vulns library. Would you mind testing to make sure I didn't break anything and update the @output section with the new results? Thanks, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Patrik Karlsson (Jan 01)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Hani Benhabiles (Jan 01)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Patrik Karlsson (Jan 02)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Patrik Karlsson (Jan 02)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Hani Benhabiles (Jan 02)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Patrik Karlsson (Jan 02)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Hani Benhabiles (Jan 02)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Patrik Karlsson (Jan 02)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Hani Benhabiles (Jan 02)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Patrik Karlsson (Jan 02)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Patrik Karlsson (Jan 02)
- Re: [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Hani Benhabiles (Jan 01)