Nmap Development mailing list archives

Re: [NSE] http-filedownload-exploiter draft


From: Israel Leiva <israel.leiva () usach cl>
Date: Mon, 10 Mar 2014 05:03:38 -0300

Hi George. Thanks for the feedback!



> Have you checked http-passwd? It is our generic directory traversal script. I
> think your code fits better there.



Yes, I've checked http-passwd but I'm not quite sure it fits the purpose of
this script. Yes, the script actually checks for the passwd file, but
_only_ as a last resort, because the webpage may be misconfigured but the
server not necessarily; in that case it won't allow such requests (for
passwd).



> You should override the default withinhost method and do your checks there.


What do you mean by this?

Cheers.
--
israel
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

