Re: [PATCH] sql-injection.nse arguments

[David Fifield <david () bamsoftware com>]

On Thu, Jul 16, 2009 at 08:07:40PM -0300, Joao Correa wrote:
> On Sat, Jul 11, 2009 at 2:33 PM, Joao Correa<joao () livewire com br> wrote:
> > I was making a few tests with sql-injection.nse and, due to some
> > restrictions, I started getting annoyed about the big number of
> > websites that the script was unable to scan.
> >
> > The way sql-injection.nse works makes it unable to scan virtually
> > hosted websites for sql injections, due to the script being unable to
> > retrieve the website hostname. This patch creates an argument
> > (sql-injection.host) for the hostname, so if the user wants to scan a
> > virtually hosted website, he can just specify which is the website's
> > hostname. Also, I've introduced a second argument, called
> > sql-injection.start, which specifies the starting point for the scan
> > (sometimes, it is useful avoiding initial pages with only flash
> > introductions, or only scanning part of a large website tree).
>
> I've been discussing about this changes with Fyodor and we both agreed
> that it would be better if, instead of arguments, that the script
> could resolve the hostname by itself. I'm sending a new patch that
> allows the code to resolve the hostname, exactly as it is done in
> http.lua, enabling the script to scan virtually hosted websites.

The change looks fine to me. The only change I would make is a better
description and example of the sql-inject.start argument.

-- @args sql-injection.start The starting page for the script
-- nmap --script sql-injection.nse \
--      --script-args sql-injection.start=<start>

> From that description it is not clear if it should be a URL or a path.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org