Nmap Development mailing list archives

[NSE] NSE Script for D-link DSR routers (CVE 2013-5945)

From: Paul AMAR <aos.paul () gmail com>
Date: Mon, 23 Dec 2013 14:11:23 +0100

Hi everybody,

I created a NSE script for CVE 2013-5945 (
http://www.exploit-db.com/exploits/30062/).
This script tries to do SQL injection on the login form to log as an admin
using those credentials:

*login* : admin
*password* : ' or 'a'='a

To try it :

*./nmap -p 443 --script http-vuln-cve2013-5945.nse 127.0.0.1*

To test it, I discussed with the author of those vulnerabilities (nu11) to
try it and the script is working fine.

Don't hesitate to test it and/or give me any feedback.

Regards,
Paul

Attachment: http-vuln-cve2013-5945.nse
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] NSE Script for D-link DSR routers (CVE 2013-5945) Paul AMAR (Dec 23)
- Re: [NSE] NSE Script for D-link DSR routers (CVE 2013-5945) George Chatzisofroniou (Dec 28)