Re: [NSE] Created NSE script to detect Zimbra 0 day

[Paul AMAR <aos.paul () gmail com>]

Hi,

@George, thanks for adding the script.

@Ron, I'm thinking about adding gzip support, I guess I might work on this
when I'll have time.
And you're definitely right, I'll add the choice for the file (as an
argument).

Thanks for the feedback ;-)

Paul


2013/12/19 Ron <ron () skullsecurity net>

> It'd be cool if you could give the filename to read as an argument
> (defaulting to the config file)! If Nmap doesn't have gzip support, this
> would be a *great* reason to add it!
>
> The issue with the script as-is is, once the vuln is patched, it'll keep
> reporting it's vulnerable, I think, unless they just delete the file. if
> you try to grab a "bad" file (like /etc/shadow), everything seem to work
> fine.
>
> Ron
>
> On 2013-12-14 13:14, Paul AMAR wrote:
> > Hello all,
> >
> > I developed a NSE script that detects if the host is vulnerable to
> Zimbra 0
> > day which has been released few days (week) ago (exploit here :
> > http://www.exploit-db.com/exploits/30085/).
> >
> > The script detects if the file is present (http status code 200) with a
> > good content-type (application/x-javascript) and give the URL to try it
> by
> > yourself.
> >
> > Don't hesitate if you have any feedback.
> > To try this, I had a vulnerable environment with some old VMs running
> > Zimbra.
> >
> > *./nmap -p80 --script http-vuln-0-day-lfi-zimbra 192.168.56.101 -d*
> >
> > Regards,
> > Paul
>
>
> > _______________________________________________
> > Sent through the dev mailing list
> > http://nmap.org/mailman/listinfo/dev
> > Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/