RE: NSE Script for Webmin File Disclosure exploit (CVE2006-3392)

["Rob Nicholls" <robert () robnicholls co uk>]

Hi Paul,

I made a few tweaks to the script, such as replacing the description to avoid any potential copyright issues and 
updating the disclosure date. I also removed a local function that didn't appear to be used. I'm not entirely sure what 
the purpose of it might have been, but if you were thinking of URL encoding certain characters you may want to look at 
the "url" library's escape function in future.

The script has just been committed, I'll try to review the Netgear script this afternoon and update script.db in a bit.

Rob

> -----Original Message-----
> From: dev [mailto:dev-bounces () nmap org] On Behalf Of Paul AMAR
> Sent: 04 May 2014 13:35
> To: dev () nmap org
> Subject: NSE Script for Webmin File Disclosure exploit (CVE2006-3392)
>
> Hi there,
>
> For some challenges, I had to exploit Webmin File Disclosure vulnerability
> (quite old).
> This vulnerability is associated with the following CVE: 2006-3392.
>
> Few references:
> http://www.rapid7.com/db/modules/auxiliary/admin/webmin/file_disclosur
> e
> http://www.exploit-db.com/exploits/1997/
>
> To use the script:
>
> ./nmap -p10000 -n -Pn --script http-vuln-cve2006-3392 192.168.1.86 -d *This
> will retrieve /etc/passwd* *by default*
>
> ./nmap -p10000 -n -Pn --script http-vuln-cve2006-3392 192.168.1.86 --script-
> args http-vuln-cve2006-3392.file=/etc/shadow -d
>
>
> *You can either specify the file you want to retrieve* Cheers, Paul
>
> ps: Any idea when my script for Netgear WNR1000v3 Credential Harvesting
> Exploit will be added to the current revision?


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/