Nmap Development mailing list archives

Re: [NSE] NSE Script for D-link DSR routers (CVE 2013-5945)

From: George Chatzisofroniou <sophron () latthi com>
Date: Sat, 28 Dec 2013 21:29:18 +0200

Hi there,

On Mon, Dec 23, 2013 at 02:11:23PM +0100, Paul AMAR wrote:

I created a NSE script for CVE 2013-5945 (
http://www.exploit-db.com/exploits/30062/).
This script tries to do SQL injection on the login form to log as an admin
using those credentials:

*login* : admin
*password* : ' or 'a'='a

To try it :

*./nmap -p 443 --script http-vuln-cve2013-5945.nse 127.0.0.1*

To test it, I discussed with the author of those vulnerabilities (nu11) to
try it and the script is working fine.

Don't hesitate to test it and/or give me any feedback.


I was wondering if http-sql-injection.nse can detect this vulnerability. If not,
maybe it makes more sense to improve the current sqli script instead of creating
a new one.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] NSE Script for D-link DSR routers (CVE 2013-5945) Paul AMAR (Dec 23)
- Re: [NSE] NSE Script for D-link DSR routers (CVE 2013-5945) George Chatzisofroniou (Dec 28)