Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] New script to detect Joomla! Header RCE [2015-8562]

From: Johanna Curiel <johannapcuriel () gmail com>
Date: Wed, 27 Jan 2016 10:43:18 -0400
Hi Gyanendra

Thank you for this awesome work.

After taking look of the script, I see many of the recognition work relies
on the identifying response headers info and identifying the administrator
path console of Jommla.

In case this information is hidden or not provided as in the request
header, it will not be able to recognise PHP? and if the path has also been
blocked (lets say by a firewall) then in that case recognition of  wont be
possible at all?

Regards

Johanna

On Tue, Jan 26, 2016 at 6:36 PM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:


Hi list,

#260 on Github called for the development of a script that detects CVE
2015-8562. This script performs checks for the same and can be used to
optionally exploit the target. I tested this on ubuntu 10.04.1 running
php 5.4.7 and Joomla! 3.4.3. Find the script in the link below.



https://svn.nmap.org/nmap-exp/gyani/scripts/http-vuln-cve2015-8562.nse


Cheers,
Gyani
ᐧ

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: