Nmap Development mailing list archives
Re: [PATCH] sql-injection.nse arguments
From: Joao Correa <joao () livewire com br>
Date: Thu, 16 Jul 2009 20:07:40 -0300
Hi guys, I've been discussing about this changes with Fyodor and we both agreed that it would be better if, instead of arguments, that the script could resolve the hostname by itself. I'm sending a new patch that allows the code to resolve the hostname, exactly as it is done in http.lua, enabling the script to scan virtually hosted websites. The changes previously proposed were kept. Thanks, Joao On Sat, Jul 11, 2009 at 2:33 PM, Joao Correa<joao () livewire com br> wrote:
Hello guys, I was making a few tests with sql-injection.nse and, due to some restrictions, I started getting annoyed about the big number of websites that the script was unable to scan. The way sql-injection.nse works makes it unable to scan virtually hosted websites for sql injections, due to the script being unable to retrieve the website hostname. This patch creates an argument (sql-injection.host) for the hostname, so if the user wants to scan a virtually hosted website, he can just specify which is the website's hostname. Also, I've introduced a second argument, called sql-injection.start, which specifies the starting point for the scan (sometimes, it is useful avoiding initial pages with only flash introductions, or only scanning part of a large website tree). The patch is very simple and also fixes some comments.
Attachment:
sql-injection-hostname.diff
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] sql-injection.nse arguments Joao Correa (Jul 11)
- Re: [PATCH] sql-injection.nse arguments Joao Correa (Jul 16)
- Re: [PATCH] sql-injection.nse arguments David Fifield (Jul 18)
- Re: [PATCH] sql-injection.nse arguments Joao Correa (Jul 16)