Nmap Development mailing list archives
Re: [NSE] POST path handling in http-default-accounts-fingerprints
From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 30 Jul 2013 00:40:30 +0300
On Fri, Jul 26, 2013 at 11:10:25PM +0000, nnposter () users sourceforge net wrote:
The following patch allows http-default-accounts-fingerprints.lua to correctly handle cases where the tested fingerprint path does not end with "/". Without this patch such fingerprints are broken because try_http_post_login() simply concatenates the path and the target when building the login request. As an example, the current fingerprint for Arris 2307 has path set to "/logo_t.gif" while the target is "login.cgi". The current behavior is causing the credentials to be submitted to "/logo_t.giflogin.cgi". With the patch the credentials are sent to "/login.cgi".
I don't really like the concatenation that occurs there. Why not simply pass the path of the login form? Like this, Index: nselib/data/http-default-accounts-fingerprints.lua =================================================================== --- nselib/data/http-default-accounts-fingerprints.lua (revision 31578) +++ nselib/data/http-default-accounts-fingerprints.lua (working copy) @@ -47,14 +47,13 @@ -- @return True if login in was successful --- local function try_http_post_login(host, port, path, target, failstr, params, follow_redirects) - local req = http.post(host, port, path..target, {no_cache=true}, nil, params) + local req = http.post(host, port, target, {no_cache=true}, nil, params) @@ -74,7 +73,7 @@ {username = "admin", password = "admin"} }, login_check = function (host, port, path, user, pass) - return try_http_post_login(host, port, path, "index.php", "Invalid User Name/Password", {action="login", login_username=user, login_password=pass}, false) + return try_http_post_login(host, port, path, "/cacti/index.php", "Invalid User Name/Password", {action="login", login_username=user, login_password=pass}, false) end }) @@ -108,7 +107,7 @@ {username = "admin", password = "axis2"} }, login_check = function (host, port, path, user, pass) - return try_http_post_login(host, port, path, "login", "Invalid auth credentials!", {submit="+Login+", userName=user, password=pass}) + return try_http_post_login(host, port, path, "/axis2/axis2-admin/login", "Invalid auth credentials!", {submit="+Login+", userName=user, password=pass}) end }) --- 
@@ -124,7 +123,7 @@ {username = "", password = ""} }, login_check = function (host, port, path, user, pass) - return try_http_post_login(host, port, path, "login.cgi", "Login Error !!", {action="submit", page="", logout="", pws=pass}) + return try_http_post_login(host, port, path, "/login.cgi", "Login Error !!", {action="submit", page="", logout="", pws=pass}) end }) -- George Chatzisofroniou _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
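Review bot: In the @@ -47,14 +47,13 @@ hunk, `path` stays in the signature of `try_http_post_login` but is no longer used once the call becomes `http.post(host, port, target, {no_cache=true}, nil, params)`. Either drop the parameter and update every `login_check` caller, or keep it and state in the NSEDoc comment above the function that `target` must now be an absolute path. As written, any caller not converted by this patch that still passes a relative target such as "login" would send the POST to a path without a leading slash.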
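Review bot: The hard-coded targets "/cacti/index.php" (hunk @@ -74,7 +73,7 @@) and "/axis2/axis2-admin/login" (hunk @@ -108,7 +107,7 @@) ignore the `path` argument that `login_check` receives, so the credentials are always posted under a fixed prefix regardless of the path the check was called with. If either fingerprint is called with a path at a different location, the login attempt goes to the wrong URL and the result is a false negative. Consider deriving the target from `path` (its directory part plus "index.php" or "login") so the application prefix is written in one place only.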