Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[NSE] bug in httpspider library

From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 3 Aug 2012 08:23:11 +0200
Hi all,

I just got a private report of the http-sql-injection script gone haywire
testing every link it found, even though withinhost was specified.
I tracked this down to a change in the httpspider library that called a
function (removewww) that was missing a return statement.
This essentially lead to every link being validated as withinhost due to
the function returning nil.
I've committed a fix for this as r29467.

Cheers,
Patrik

-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: