Nmap Development mailing list archives

Re: .htaccess + php sec bypass

From: Gabriel Lawrence <gabriel.lawrence () gmail com>
Date: Mon, 30 Jul 2012 16:22:38 -0700

My thought is to leverage the http-enum script...

gabe

On Mon, Jul 30, 2012 at 4:12 PM, Arturo 'Buanzo' Busleiman
<buanzo () buanzo com ar> wrote:

NICE.

I'll try to get Matias & Maxi to offer some insight here.

On Mon, Jul 30, 2012 at 6:52 PM, Gabriel Lawrence
<gabriel.lawrence () gmail com> wrote:

I saw that talk and have thought about  doing a script... but, i wont
be able to look at doing it for a couple weeks, so I imagine someone
could bang one out between now and then... But, if nobody does - I'll
be happy to step up and do it.

gabe

On Mon, Jul 30, 2012 at 12:16 PM, Arturo 'Buanzo' Busleiman
<buanzo () buanzo com ar> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hey Guys,

A couple of friends and colleagues (Maxi Soler and Matias Katz) shown the .htaccess security
bypass vuln+tool this week at our favorite security conferences.

Any plans to create an nse script to detect this misconfiguration?


- --
? Arturo "Buanzo" Busleiman ? - MUSICA: soundcloud.com/no-carrier
Independent Linux and Security Consultant - 16+y of IT exp. at your service .
OWASPer - http://www.buanzo.com.ar/pro/eng.html                             ..:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREKAAYFAlAW3YIACgkQAlpOsGhXcE0Z+wCeLbCBW8F/ETllJAwxKwFCKQoR
LEMAn0uq46v0FtPGBOvBE4ZEotkEClVr
=zRH7
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

.htaccess + php sec bypass Arturo 'Buanzo' Busleiman (Jul 30)
- Re: .htaccess + php sec bypass Gabriel Lawrence (Jul 30)
  - Re: .htaccess + php sec bypass Arturo 'Buanzo' Busleiman (Jul 30)
    - Re: .htaccess + php sec bypass Gabriel Lawrence (Jul 30)
    - Re: .htaccess + php sec bypass Matias Katz (Aug 01)
    - Re: .htaccess + php sec bypass Arturo 'Buanzo' Busleiman (Jul 30)
    - Re: .htaccess + php sec bypass Paulino Calderon (Aug 04)
    - Re: .htaccess + php sec bypass Paulino Calderon (Aug 17)
    - Re: .htaccess + php sec bypass David Fifield (Sep 07)
    - Re: .htaccess + php sec bypass Paulino Calderon (Sep 10)