Nmap Development mailing list archives

Re: [NSE] script to detect phpfilevault version 09


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 19 Aug 2016 16:49:35 -0500

Johanna,

Thanks for this contribution. Given the simplicity of the check, I think
you could easily convert it to a http-enum fingerprint [1]. Check out the
fingerprints file in nselib/data/http-fingerprints.lua. This has the added
benefit of handling a few common cases that might cause false-positives,
specifically servers that return 200 OK for every request. I don't think it
would work well as a standalone script because of how little this plugin is
used: only 119 downloads in the last year, 90 or so of which came
immediately after the vulnerability was disclosed.

Let us know how it goes! We'd be glad to help and credit you with your
first entry in the CHANGELOG.

Dan



[1] https://nmap.org/nsedoc/scripts/http-enum.html

On Thu, Jul 28, 2016 at 10:58 PM, Johanna Curiel <johannapcuriel () gmail com>
wrote:

Hi list,

Couple of days ago the following vulnerability was reported
https://www.exploit-db.com/exploits/40163/


I wrote the following nse script (tested)
https://github.com/jowasp/nmap/blob/master/scripts/http-phpfilevault09-dir-traversal.nse


Cheers

Johanna



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
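
The false-positive case raised in the reply above (a server that returns 200 OK for every request), as an added example that is not part of the original thread and is not Nmap's code: a baseline-request check in Python. The probe path is a placeholder, and the `fetch` callable and sample servers are constructed for illustration.

```python
import secrets
from typing import Callable, Tuple

Response = Tuple[int, str]         # (status code, body)
Fetch = Callable[[str], Response]  # hypothetical transport: path -> response

# Placeholder path, not the plugin's real location.
PROBE = "/PLACEHOLDER/plugin/readme.txt"


def naive_check(fetch: Fetch, path: str) -> bool:
    """Standalone-script style check: any 200 counts as a hit."""
    return fetch(path)[0] == 200


def classify_probe(fetch: Fetch, path: str) -> str:
    """Return 'present', 'absent' or 'inconclusive' for path."""
    status, body = fetch(path)
    if status != 200:
        return "absent"
    # Baseline: request a random path that cannot exist on the server.
    bogus = "/" + secrets.token_hex(12)
    base_status, base_body = fetch(bogus)
    if base_status != 200:
        return "present"  # server tells real and missing paths apart
    # Server answers 200 to everything. Catch-all pages often echo the
    # requested path, so strip it before comparing the two bodies.
    if body.replace(path, "") == base_body.replace(bogus, ""):
        return "inconclusive"
    return "present"


# Constructed sample servers (no network access needed).
def normal_server(path: str) -> Response:
    return (200, "plugin readme") if path == PROBE else (404, "Not Found")


def catch_all_server(path: str) -> Response:
    return (200, f"<h1>Sorry, {path} was not found</h1>")


def catch_all_with_plugin(path: str) -> Response:
    return (200, "plugin readme") if path == PROBE else catch_all_server(path)


def empty_server(path: str) -> Response:
    return (404, "Not Found")
```

On the catch-all server the naive status check reports a hit, while the baseline comparison returns `inconclusive`.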
