Nmap Development mailing list archives

Re: [nmap-svn] r33690 - nmap/scripts


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 20 Sep 2014 07:55:56 -0500

Paul and Rob,

You are listed as authors on this script, so I'm addressing you directly.
The copy of this script that was committed was clearly not the one you
tested with: the action function had no return value, so it would never
provide any output. I think I've corrected that, but I don't have a
vulnerable device to test with.

The script looks like it's a bit incomplete. The username and password are
retrieved, but only displayed if the user turns on debugging. They should
probably be returned along with the vulns report. Also, there's an escape
function that's used in several places, but it is just a string.gsub that
doesn't actually do any substitutions.

I'd appreciate a little more attention given to this script so that users
can have confidence in their results. Thanks!

Dan

On Sat, Sep 20, 2014 at 12:40 AM, <commit-mailer () nmap org> wrote:

Author: dmiller
Date: Sat Sep 20 05:40:47 2014
New Revision: 33690

Log:
Make http-vuln-wnr1000-creds actually return something

Modified:
   nmap/scripts/http-vuln-wnr1000-creds.nse

Modified: nmap/scripts/http-vuln-wnr1000-creds.nse

==============================================================================
--- nmap/scripts/http-vuln-wnr1000-creds.nse    (original)
+++ nmap/scripts/http-vuln-wnr1000-creds.nse    Sat Sep 20 05:40:47 2014
@@ -79,13 +79,15 @@
             if payload_session then
                 local netgear_username =
string.match(escape(payload_session.body), 'Router Admin
Username</td>.+align="left">(.+)</td>.+Router Admin')
                 local netgear_password =
string.match(escape(payload_session.body), 'Router Admin
Password</td>.+align="left">(.+)</td>.+MNUText')
-                if (username ~= nil and password ~= nil) then
+                if (netgear_username ~= nil and netgear_password ~= nil)
then
                     stdnse.debug1("username : %s",
escape(netgear_username))
                     stdnse.debug1("password : %s",
escape(netgear_password))
+                    vuln.state = vulns.STATE.VULN
                 else
                     stdnse.debug1("We haven't been able to get
username/password")
                 end
             end
         end
     end
+    return vuln_report:make_output(vuln)
 end
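Review bot: In the success branch, `netgear_username` and `netgear_password` are still written only through `stdnse.debug1`, so the table handed to `vuln_report:make_output(vuln)` carries the VULN state but not the credentials that justify it. Consider adding both values to the `vuln` table before the return so they show up in normal output without debugging enabled. Separately, both `string.match` patterns use greedy `.+` around and inside the capture (`align="left">(.+)</td>.+`). If the response has more than one `</td>` before the trailing anchor text, the capture can run past the intended cell. Using `.-` for those wildcards would keep the match to the nearest cell.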

_______________________________________________
Sent through the svn mailing list
http://nmap.org/mailman/listinfo/svn

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

