Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] Created NSE script to detect Zimbra 0 day

From: Paul AMAR <aos.paul () gmail com>
Date: Fri, 20 Dec 2013 08:44:54 +0100
Hi,

Thanks for updating the script Ron.
That's really weird that it was working for me though.

@George, thanks for the hint with the special character "-".


2013/12/19 Ron <ron () skullsecurity net>


I fixed up the code quite a bit and submitted it on irc, it cleanly
detects vulnerable and patched hosts now.

Ron

On 19 Dec 2013 10:34, George Chatzisofroniou <sophron () latthi com> wrote:


On Wed, Dec 18, 2013 at 06:18:57PM -0600, Ron wrote:

The issue with the script as-is is, once the vuln is patched, it'll

keep

reporting it's vulnerable, I think, unless they just delete the file.

if

you try to grab a "bad" file (like /etc/shadow), everything seem to

work

fine.


There are some fixes around already. By fixing the LFI, the HTTP

response status

won't be 200, so the script will not return a false positive.


It works if I switch out the string.match() with "==".

I don't know why, though!


That's because Lua string.match() method expects a pattern as a second

argument

(not a raw string) and the special "-" character is interpreted as the

Lua

modifier for repetitions. Thanks for cathing this.

--
George Chatzisofroniou

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: