Nmap Development mailing list archives
Re: [NSE] Created NSE script to detect Zimbra 0 day
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 19 Dec 2013 12:32:52 -0600
On 12/19/2013 12:10 PM, Ron wrote:
You need to escape the "-" in the pattern. Lua patterns use weird syntax, explained here: http://www.lua.org/manual/5.2/manual.html#6.4.1It works if I switch out the string.match() with "==". I don't know why, though! Ron On 2013-12-19 11:57, Ron wrote:>It is indeed returning that value. The string.match() doesn't seem to be >working, though I don't understand why. > >If I change the code to this: > >if string.match(escape(detection_session.header['content-type']), "application/x-javascript") then > stdnse.print_debug(1, "The website may be vulnerable to the Zimbra 0-day.") > vuln.state = vulns.STATE.EXPLOIT > return vuln_report:make_output(detection_session.body) >else > stdnse.print_debug(1, " \n'" .. escape(detection_session.header['content-type']) .. "' !=\n'application/x-javascript'") > stdnse.print_debug(1, "Bad content-type for the resource : " .. detection_session.header['content-type']) > return >end > >It prints this: > >NSE: GET /zimbra/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 >NSE: >'application/x-javascript' != >'application/x-javascript' > >Which makes absolutely no sense.
The "-" means "ungreedy 0-or-more," similar to *? in PCRE. The escape character is "%", so your match should be: string.match( whatever, "application/x%-javascript" )
Or, as Ron pointed out, a more strict equality. Dan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 14)
- Re: [NSE] Created NSE script to detect Zimbra 0 day George Chatzisofroniou (Dec 18)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 18)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Daniel Miller (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Robin Wood (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 19)
- <Possible follow-ups>
- Re: [NSE] Created NSE script to detect Zimbra 0 day Ron (Dec 19)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Dec 20)