Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Get value in IncompleteRead exception

From: Vinamra Bhatia <vinamrabhatia8 () gmail com>
Date: Sun, 12 Mar 2017 23:56:09 +0530
Thanks a lot for the response.
However, http.post returns a status code of 400. What i am trying to
implement is given in a PoC here
https://github.com/nixawk/labs/blob/master/CVE-2017-5638/exploit-urllib2.py
When i run a http.post request with the header as given in the PoC against
a vulnerable apache struts2 web app set up on my localhost, i get the
response.status as 400 and response.body as blank.

On Mar 12, 2017 11:08 PM, "nnposter" <nnposter () users sourceforge net> wrote:


On 3/12/17 1:09 AM, Vinamra Bhatia wrote:

Greetings everyone,
I was trying to write a new vulnerability script but was unable to find
a function like httplib.IncompleteRead as in Python.
Basically, I want to call the IncompleteRead exception when the
http.post response is unable to fetch a response and want the check the
values returned by the exception.
I tried checking the values of response i got from http.post and the
response doesnt contain the data that is fetched by IncompleteRead
exception in Python

Thanks and regards
Vinamra Bhatia
CS Sophomore
BITS Pilani


Here is a quick and dirty patch that might work for you. You can use it
as follows:

req = http.get(host, port, path)
if not req and req.partial then
  stdnse.debug1("Partial response is %d bytes long", #req.partial)
end

There are some issues that would need to be taken care of first, before
this patch could be included in the trunk.

Cheers,
nnposter


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: