Nmap Development mailing list archives

Re: NSE Script for Webmin File Disclosure exploit (CVE2006-3392)


From: Paul AMAR <aos.paul () gmail com>
Date: Sun, 4 May 2014 18:29:10 +0200

Hi Rob,

True, the function was to display the url etc. and escape the '%' character.
Thanks for integrating the scripts.

Paul


2014-05-04 17:01 GMT+02:00 Rob Nicholls <robert () robnicholls co uk>:

Hi Paul,

I made a few tweaks to the script, such as replacing the description to
avoid any potential copyright issues and updating the disclosure date. I
also removed a local function that didn't appear to be used. I'm not
entirely sure what the purpose of it might have been, but if you were
thinking of URL encoding certain characters you may want to look at the
"url" library's escape function in future.

The script has just been committed; I'll try to review the Netgear script
this afternoon and update script.db in a bit.

Rob

-----Original Message-----
From: dev [mailto:dev-bounces () nmap org] On Behalf Of Paul AMAR
Sent: 04 May 2014 13:35
To: dev () nmap org
Subject: NSE Script for Webmin File Disclosure exploit (CVE2006-3392)

Hi there,

For some challenges, I had to exploit the Webmin File Disclosure
vulnerability (quite old).
This vulnerability is associated with CVE-2006-3392.

A few references:
http://www.rapid7.com/db/modules/auxiliary/admin/webmin/file_disclosure
http://www.exploit-db.com/exploits/1997/

To use the script:

./nmap -p10000 -n -Pn --script http-vuln-cve2006-3392 192.168.1.86 -d

This will retrieve /etc/passwd by default.

./nmap -p10000 -n -Pn --script http-vuln-cve2006-3392 192.168.1.86 --script-args http-vuln-cve2006-3392.file=/etc/shadow -d

You can also specify the file you want to retrieve.

Cheers,
Paul

ps: Any idea when my script for Netgear WNR1000v3 Credential Harvesting
Exploit will be added to the current revision?



_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/