Nmap Development mailing list archives
Re: Error on script http-adobe-coldfusion-apsa1301.nse
From: nnposter () users sourceforge net
Date: Fri, 29 Aug 2014 19:41:25 +0000
George Chatzisofroniou wrote:
The script was missing a sanity check. I made a commit as revision 33621. Please update and try again.
The list ate up my earlier e-mail, which proposed a more substantial patch. Please use it as you see fit. Patch notes: * Added error handling in case the HTTP request fails * Added error handling in case some other cookie is being set * Replaced custom header parsing with cookies already parsed by http.lua * Leveraged url.absolute() for path contruction Cheers, nnposter Patch against r33623 follows: --- scripts/http-adobe-coldfusion-apsa1301.nse.orig 2014-08-25 18:22:16.000000000 -0600 +++ scripts/http-adobe-coldfusion-apsa1301.nse 2014-08-29 10:09:32.611489000 -0600 @@ -24,6 +24,7 @@ local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" +local url = require "url" portrule = shortport.http local DEFAULT_PATH = "/CFIDE/adminapi/" @@ -32,13 +33,13 @@ -- Extracts the admin cookie by reading CFAUTHORIZATION_cfadmin from the header 'set-cookie' -- local function get_admin_cookie(host, port, basepath) - local req = http.get(host, port, basepath..MAGIC_URI) - if req.header['set-cookie'] then - stdnse.debug1("Header 'set-cookie' detected in response.") - local _, _, admin_cookie = string.find(req.header['set-cookie'], ";path=/, CFAUTHORIZATION_cfadmin=(.*);path=/") - if admin_cookie and admin_cookie:len() > 79 then - stdnse.debug1("Extracted cookie:%s", admin_cookie) - return admin_cookie + local req = http.get(host, port, url.absolute(basepath, MAGIC_URI)) + if not req then return nil end + for _, ck in ipairs(req.cookies or {}) do + stdnse.debug2("Set-Cookie for %q detected in response.", ck.name) + if ck.name == "CFAUTHORIZATION_cfadmin" and ck.value:len() > 79 then + stdnse.debug1("Extracted cookie:%s", ck.value) + return ck.value end end return nil _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Error on script http-adobe-coldfusion-apsa1301.nse Mr. Doel (Aug 29)
- Re: Error on script http-adobe-coldfusion-apsa1301.nse George Chatzisofroniou (Aug 29)
- Re: Error on script http-adobe-coldfusion-apsa1301.nse nnposter (Aug 29)
- Re: Error on script http-adobe-coldfusion-apsa1301.nse George Chatzisofroniou (Aug 30)
- Re: Error on script http-adobe-coldfusion-apsa1301.nse nnposter (Aug 29)
- Re: Error on script http-adobe-coldfusion-apsa1301.nse George Chatzisofroniou (Aug 29)