Nmap Development mailing list archives
nmap 4.21 alpha4 escaping attribute content
From: Tim Rupp <tarupp () fnal gov>
Date: Mon, 23 Apr 2007 13:07:34 -0500
Hi list,

Not sure if this has been reported yet. In nmap 4.21 alpha4 I'm running the following scan

nmap -sS -p 80 -A -P0 -T4 --osscan_limit --osscan_guess --host_timeout 40m --max-retries 0 -oX - 111.111.111.111
and nmap is generating a service tag with an attribute called extrainfo. Inside that attribute is data that's not escaped correctly; the "less than" and "greater than" signs, and the double quotes. This causes the XML output to be incorrect.
extrainfo="(Unix) mod_fastcgi/2.4.2 mod_ssl/2.8.19 OpenSSL/0.9.6e" method="probed" conf="10" /><script id="HTML title" output="www-ccf.fnal.gov Homepage<title><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252"> <LINK REL="stylesheet" TYPE="text/css" HREF="/cdincludes/style.css"> <title>Coming soon! CCF Department file server CCFSRV2 " /></port>
</ports>

I've attached the full xml file if that helps. I did a quick search on the web for the proper escape sequences. Not entirely sure how correct that is, but it may be a start.

http://hdf.ncsa.uiuc.edu/HDF5/XML/xml_escape_chars.htm

Thanks!
Tim
<?xml version="1.0" ?>
<?xml-stylesheet href="/usr/local/share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 4.21ALPHA4 scan initiated Mon Apr 23 12:58:25 2007 as: ./nmap -sS -p 80 -A -P0 -T4 --osscan_limit --osscan_guess --host_timeout 40m --max-retries 0 -oX - 131.225.80.22 -->
<nmaprun scanner="nmap" args="./nmap -sS -p 80 -A -P0 -T4 --osscan_limit --osscan_guess --host_timeout 40m --max-retries 0 -oX - 131.225.80.22" start="1177351105" startstr="Mon Apr 23 12:58:25 2007" version="4.21ALPHA4" xmloutputversion="1.01">
<scaninfo type="syn" protocol="tcp" numservices="1" services="80" />
<verbose level="0" />
<debugging level="0" />
<host><status state="up" />
<address addr="131.225.80.22" addrtype="ipv4" />
<address addr="00:30:48:75:81:52" addrtype="mac" vendor="Supermicro Computer" />
<hostnames><hostname name="ccfsrv2.fnal.gov" type="PTR" /></hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" /><service name="http" product="Apache httpd" version="1.3.31" extrainfo="(Unix) mod_fastcgi/2.4.2 mod_ssl/2.8.19 OpenSSL/0.9.6e" method="probed" conf="10" /><script id="HTML title" output="www-ccf.fnal.gov Homepage<title><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252"> <LINK REL="stylesheet" TYPE="text/css" HREF="/cdincludes/style.css"> <title>Coming soon! CCF Department file server CCFSRV2 " /></port>
</ports>
</host>
<runstats><finished time="1177351111" timestr="Mon Apr 23 12:58:31 2007"/><hosts up="1" down="0" total="1" />
<!-- Nmap run completed at Mon Apr 23 12:58:31 2007; 1 IP address (1 host up) scanned in 6.224 seconds -->
</runstats></nmaprun>
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
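The escaping the post asks about, as an added example (not nmap's own code): a minimal XML attribute escaper and a check that the reported script output fails to parse as emitted and round-trips once escaped. The sample value is constructed from the fragment in the post; the element name and attribute layout mirror nmap's -oX output.

```python
import xml.etree.ElementTree as ET

# Constructed sample, taken from the broken <script> attribute in the post:
# it contains '<', '>' and '"', none of which may appear raw in a quoted attribute.
RAW_OUTPUT = ('www-ccf.fnal.gov Homepage<title><META HTTP-EQUIV="Content-Type" '
              'CONTENT="text/html; charset=windows-1252"> <title>Coming soon!')


def escape_attr(value):
    """Replace the five XML special characters for use inside a double-quoted attribute."""
    # '&' must be handled first, otherwise the entities produced below get re-escaped.
    return (value.replace("&", "&amp;")
                 .replace("<", "&lt;")
                 .replace(">", "&gt;")
                 .replace('"', "&quot;")
                 .replace("'", "&apos;"))


def build_script_element(script_id, output, escape=True):
    """Render a <script id=... output=.../> element, with or without escaping (escape=False
    reproduces the defect reported in the post)."""
    val = escape_attr(output) if escape else output
    return '<script id="%s" output="%s" />' % (escape_attr(script_id), val)


def parses(xml_text):
    """True if a conforming XML parser (expat, via ElementTree) accepts the document."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def round_trip(output):
    """Escape, serialise, parse, and return the attribute as the parser sees it."""
    elem = ET.fromstring(build_script_element("HTML title", output))
    return elem.get("output")


if __name__ == "__main__":
    print("unescaped parses:", parses(build_script_element("HTML title", RAW_OUTPUT, escape=False)))
    print("escaped parses:  ", parses(build_script_element("HTML title", RAW_OUTPUT)))
    print("round trip ok:   ", round_trip(RAW_OUTPUT) == RAW_OUTPUT)
```

The same function applies to every attribute the writer emits (extrainfo, product, version, hostnames), since any of them can carry banner text from the scanned host.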
Current thread:
- nmap 4.21 alpha4 escaping attribute content Tim Rupp (Apr 23)
- [PATCH] NSE - escaping attribute content Stoiko Ivanov (May 01)
- Re: [PATCH] NSE - escaping attribute content Tim Rupp (May 01)
- Re: [PATCH] NSE - escaping attribute content Brandon Enright (May 01)
- Re: [PATCH] NSE - escaping attribute content - corrected Stoiko Ivanov (May 05)
- Re: [PATCH] NSE - escaping attribute content - corrected Diman Todorov (May 05)