Nmap Development mailing list archives
Re: [NSE] Created NSE script to detect Zimbra 0 day
From: George Chatzisofroniou <sophron () latthi com>
Date: Thu, 19 Dec 2013 00:28:38 +0200
Hi there, On Sat, Dec 14, 2013 at 01:14:41PM +0100, Paul AMAR wrote:
I developed a NSE script that detects if the host is vulnerable to Zimbra 0 day which has been released few days (week) ago (exploit here : http://www.exploit-db.com/exploits/30085/). The script detects if the file is present (http status code 200) with a good content-type (application/x-javascript) and give the URL to try it by yourself. Don't hesitate if you have any feedback. To try this, I had a vulnerable environment with some old VMs running Zimbra. *./nmap -p80 --script http-vuln-0-day-lfi-zimbra 192.168.56.101 -d*
I commited your script as revision 32565. Thanks for contributing, -- George Chatzisofroniou _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 14)
- Re: [NSE] Created NSE script to detect Zimbra 0 day George Chatzisofroniou (Dec 18)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 18)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Daniel Miller (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Robin Wood (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 19)