Nmap Development mailing list archives

Re: [GSoC] Candidate on NSE Script Development and my first scripts


From: George Chatzisofroniou <sophron () latthi com>
Date: Wed, 1 May 2013 02:53:26 +0300

Hi David,

On Tue, Apr 30, 2013 at 12:52:21AM -0700, David Fifield wrote:
> Thank you, these scripts look nice. Were you able to test
> http-fileupload-exploiter against any real software? If so, what was it
> and what were the results?

I've used the script against the implementations of file upload that
are defined here [1]. It successfully exploited them.
 
> I would prefer a library that uses an event- or pull-driven model over
> one that parses an entire document at once and gives you nested tables.
> Please see http://seclists.org/nmap-dev/2011/q3/25 and
> http://seclists.org/nmap-dev/2011/q2/1281 for a previous prototype. I
> want to avoid with the XML parser the bug we have with the http library:
> you have to buffer a huge document in memory in order to do anything
> with it.

I agree with the point that you make. From what I've seen, our current
scripts perform some simple cases of XML parsing. The Pico XML library
[2] would probably work fine for cases like these and it could also work
for HTML documents.

So, first, we should make sure that the Pico XML API (or something similar)
provides the functionality we want and then create the C module for Nselib.

[1]: https://www.net-security.org/dl/articles/php-file-upload.pdf
[2]: http://kd7yhr.org/bushbo/pico_xml.md

-- 
George Chatzisofroniou
http://sophron.latthi.com


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
