Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Type in script http-webdav-scan

From: Galen Lyngholm <glyngholm () gmail com>
Date: Tue, 21 Feb 2017 17:19:45 -0700
I'm not sure if this is the right list for this or not, but it appears
there's a regex issue in line 98 of the http-webdav-scan.nse script

local oct_1, oct_2, oct_3, oct_4 =
matched_ip:match('(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d)%.(%d%d?%d?)')

should probably be

local oct_1, oct_2, oct_3, oct_4 =
matched_ip:match('(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)')

In its current state, the script will crash if the third octet is a single
digit:

NSE: http-webdav-scan against 10.x.1.x:80 threw an error!
/usr/bin/../share/nmap/scripts/http-webdav-scan.nse:100: attempt to compare
number with nil
stack traceback:
/usr/bin/../share/nmap/scripts/http-webdav-scan.nse:100: in upvalue
'validateIP'
/usr/bin/../share/nmap/scripts/http-webdav-scan.nse:119: in upvalue 'getIPs'
/usr/bin/../share/nmap/scripts/http-webdav-scan.nse:147: in upvalue
'check_propfind'
/usr/bin/../share/nmap/scripts/http-webdav-scan.nse:179: in function
</usr/bin/../share/nmap/scripts/http-webdav-scan.nse:158>
(...tail calls...)

Thanks

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: