Nmap Development mailing list archives
Re: .htaccess + php sec bypass
From: Gabriel Lawrence <gabriel.lawrence () gmail com>
Date: Mon, 30 Jul 2012 16:22:38 -0700
My thought is to leverage the http-enum script... gabe On Mon, Jul 30, 2012 at 4:12 PM, Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar> wrote:
NICE. I'll try to get Matias & Maxi to offer some insight here. On Mon, Jul 30, 2012 at 6:52 PM, Gabriel Lawrence <gabriel.lawrence () gmail com> wrote:I saw that talk and have thought about doing a script... but, i wont be able to look at doing it for a couple weeks, so I imagine someone could bang one out between now and then... But, if nobody does - I'll be happy to step up and do it. gabe On Mon, Jul 30, 2012 at 12:16 PM, Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hey Guys, A couple of friends and colleagues (Maxi Soler and Matias Katz) shown the .htaccess security bypass vuln+tool this week at our favorite security conferences. Any plans to create an nse script to detect this misconfiguration? - -- ? Arturo "Buanzo" Busleiman ? - MUSICA: soundcloud.com/no-carrier Independent Linux and Security Consultant - 16+y of IT exp. at your service . OWASPer - http://www.buanzo.com.ar/pro/eng.html ..: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAlAW3YIACgkQAlpOsGhXcE0Z+wCeLbCBW8F/ETllJAwxKwFCKQoR LEMAn0uq46v0FtPGBOvBE4ZEotkEClVr =zRH7 -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- .htaccess + php sec bypass Arturo 'Buanzo' Busleiman (Jul 30)
- Re: .htaccess + php sec bypass Gabriel Lawrence (Jul 30)
- Re: .htaccess + php sec bypass Arturo 'Buanzo' Busleiman (Jul 30)
- Re: .htaccess + php sec bypass Gabriel Lawrence (Jul 30)
- Re: .htaccess + php sec bypass Matias Katz (Aug 01)
- Re: .htaccess + php sec bypass Arturo 'Buanzo' Busleiman (Jul 30)
- Re: .htaccess + php sec bypass Paulino Calderon (Aug 04)
- Re: .htaccess + php sec bypass Paulino Calderon (Aug 17)
- Re: .htaccess + php sec bypass David Fifield (Sep 07)
- Re: .htaccess + php sec bypass Paulino Calderon (Sep 10)
- Re: .htaccess + php sec bypass Arturo 'Buanzo' Busleiman (Jul 30)
- Re: .htaccess + php sec bypass Gabriel Lawrence (Jul 30)