Nmap Development mailing list archives
Re: [NSE] POST path handling in http-default-accounts-fingerprints
From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 30 Jul 2013 00:40:30 +0300
On Fri, Jul 26, 2013 at 11:10:25PM +0000, nnposter () users sourceforge net wrote:
The following patch allows http-default-accounts-fingerprints.lua to correctly handle cases where the tested fingerprint path does not end with "/". Without this patch such fingerprints are broken because try_http_post_login() simply concatenates the path and the target when building the login request. As an example, the current fingerprint for Arris 2307 has path set to "/logo_t.gif" while the target is "login.cgi". The current behavior is causing the credentials to be submitted to "/logo_t.giflogin.cgi". With the patch the credentials are sent to "/login.cgi".
I don't really like the concatenation that occurs there. Why not simply pass the
path of the login form?
Like this,
Index: nselib/data/http-default-accounts-fingerprints.lua
===================================================================
--- nselib/data/http-default-accounts-fingerprints.lua (revision 31578)
+++ nselib/data/http-default-accounts-fingerprints.lua (working copy)
@@ -47,14 +47,13 @@
-- @return True if login in was successful
---
local function try_http_post_login(host, port, path, target, failstr, params, follow_redirects)
- local req = http.post(host, port, path..target, {no_cache=true}, nil, params)
+ local req = http.post(host, port, target, {no_cache=true}, nil, params)
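Review bot: After this change try_http_post_login() no longer uses its path parameter, and nothing in the function checks that target is an absolute path. Any login_check not converted in this patch that still passes a relative target such as "login.cgi" would now send that string as the request path with no leading "/". Either drop path from the signature and from every caller, or keep it and reject (or resolve) targets that do not start with "/", and update the doc comment above the function to state that target must be the full path of the login form.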
@@ -74,7 +73,7 @@
{username = "admin", password = "admin"}
},
login_check = function (host, port, path, user, pass)
- return try_http_post_login(host, port, path, "index.php", "Invalid User Name/Password", {action="login",
login_username=user, login_password=pass}, false)
+ return try_http_post_login(host, port, path, "/cacti/index.php", "Invalid User Name/Password", {action="login",
login_username=user, login_password=pass}, false)
end
})
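Review bot: The new literal "/cacti/index.php" in login_check fixes the install prefix, while the path argument the function receives is the location that was actually tested and is now ignored. If this fingerprint ever matches under a different prefix, the credentials would still be posted to /cacti/. Consider deriving the form location from path (its directory plus "index.php") so the login request follows the probe that matched.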
@@ -108,7 +107,7 @@
{username = "admin", password = "axis2"}
},
login_check = function (host, port, path, user, pass)
- return try_http_post_login(host, port, path, "login", "Invalid auth credentials!", {submit="+Login+",
userName=user, password=pass})
+ return try_http_post_login(host, port, path, "/axis2/axis2-admin/login", "Invalid auth credentials!",
{submit="+Login+", userName=user, password=pass})
end
})
---
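Review bot: This call to try_http_post_login() passes six arguments while the signature in the first hunk takes seven, so follow_redirects is nil here, whereas the Cacti call passes false explicitly. Since the line is being rewritten anyway, pass the intended value explicitly. The re-wrapping of the params table onto the continuation line also makes the change look larger than the one-string edit it is; keeping the original wrap would make the diff easier to read.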
@@ -124,7 +123,7 @@
{username = "", password = ""}
},
login_check = function (host, port, path, user, pass)
- return try_http_post_login(host, port, path, "login.cgi", "Login Error !!", {action="submit", page="", logout="",
pws=pass})
+ return try_http_post_login(host, port, path, "/login.cgi", "Login Error !!", {action="submit", page="", logout="",
pws=pass})
end
})
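Review bot: With the target now "/login.cgi", the path argument passed on the same line carries no information for this fingerprint, and the reason the form lives at the root rather than next to the tested path is not recorded anywhere in the entry. A one-line comment above login_check saying that the login form is at the server root regardless of the fingerprint path would keep a later editor from "fixing" it back to a relative target.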
--
George Chatzisofroniou
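
The two ways of building the POST path discussed in this thread, side by side, as an added example that is not part of either poster's patch or of the Nmap code base. `resolve_login_path` is a hypothetical helper; the probe paths other than "/logo_t.gif" are constructed for illustration.

```lua
-- Added example: resolve a login target against the tested fingerprint path.
-- resolve_login_path is a hypothetical helper, not an NSE library function.
local function resolve_login_path(path, target)
  -- An absolute target is already the full path of the login form.
  if target:sub(1, 1) == "/" then
    return target
  end
  -- Drop any query string or fragment from the tested path.
  local base = path:gsub("[?#].*$", "")
  -- Keep everything up to and including the last "/" (the directory part).
  -- A path with no "/" at all falls back to the server root.
  local dir = base:match("^(.*/)") or "/"
  -- Note: "." and ".." segments in target are not normalised here.
  return dir .. target
end

-- Constructed cases: {tested path, target, expected request path}.
local cases = {
  {"/logo_t.gif",          "login.cgi",  "/login.cgi"},
  {"/cacti/",              "index.php",  "/cacti/index.php"},
  {"/axis2/axis2-admin/",  "login",      "/axis2/axis2-admin/login"},
  {"/cacti/index.php?a=1", "index.php",  "/cacti/index.php"},
  {"/logo_t.gif",          "/login.cgi", "/login.cgi"},
}

for _, c in ipairs(cases) do
  local path, target, expected = c[1], c[2], c[3]
  local naive = path .. target          -- the concatenation being replaced
  local resolved = resolve_login_path(path, target)
  assert(resolved == expected,
    ("expected %s, got %s"):format(expected, resolved))
  print(("%-22s + %-11s naive=%-28s resolved=%s")
    :format(path, target, naive, resolved))
end
```

The first case reproduces the "/logo_t.giflogin.cgi" request described in the quoted message, and the last case shows that absolute targets of the kind used in the patch above pass through unchanged.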
