Re: [NSE] A script for CVE 2014-7236

[Gyanendra Mishra <anomaly.the () gmail com>]

Hi,

I think staying up all night was a bad idea. Sorry for three consecutive
posts on the same thread.
I found another small mistake in the script. I forgot to concatenate the
'path' argument with the payload.
Plus there was a duplicate in the 'references' field.
Please look at the GitHub link [1] for the 'path' update and other updates
if any.
Hope this was the last bug I find in this script today.

[1]
https://raw.githubusercontent.com/h4ck3rk3y/nmap/master/test_scripts/http-vuln-cve2014-7236.nse

Gyanendra


On Mon, Mar 23, 2015 at 6:19 AM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:

> Hi,
>
> Tiny mistake. The script is named wrongly. It should be
> http-vuln-cve2014-7236.nse. The documentation inside the script has the
> correct name in @usage and the wrong name in @output. I edited the same and
> have attached the modified version.
>
> Gyanendra
>
> On Mon, Mar 23, 2015 at 6:11 AM, Gyanendra Mishra <anomaly.the () gmail com>
> wrote:
>
> > Hi,
> >
> > Versions 4.0.x to 6.0.0 have a remote pearl code execution vulnerability
> > as mentioned here[1].
> >
> > The script attached checks for the same vulnerability.
> >
> > [1]http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
> >
> > Gyanendra
>
>
>
> --
> Gyanendra Mishra
> CS Sophomore
> BITS PILANI, Pilani Campus
> email-anomaly.the () gmail com



-- 
Gyanendra Mishra
CS Sophomore
BITS PILANI, Pilani Campus
email-anomaly.the () gmail com

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/