Nmap Development mailing list archives

Re: Possible Bug - [NSE] PHP version disclosure (OSVDB 12184)


From: Gutek <ange.gutek () gmail com>
Date: Thu, 12 Aug 2010 11:30:23 +0200


On 10/08/2010 21:56, David Fifield wrote:
Could the unknown hashes be printed only in verbose mode? (Remember when
testing that listing a script by name automatically puts it in verbose
mode.)

David Fifield


As a quick workaround, here is a patch in which some verbosity is
required to return a non-matching fingerprint (unknown hash).

It's not a really satisfying solution as it still computes a useless hash
if the target is not running PHP: useless resources.
A solution would be to add a function which would be able to detect in
some way the dynamic web technology used.
Obviously, looking for the optional header field X-Powered-By is not
the solution, as it's the very goal of this script.
Also, querying some default page (let's say, index.php) and checking the
HTTP 200 code is not the way because some web sites "in construction" may
not have any of those pages yet: results would be false negatives.

Hence, the "best" patch will be something more complex, I guess. Which
means, not likely to be committed in the short term.

Still, I'm on it and will come back with a (working!) proposal.

So help me Lua :)

A.G.

Attachment: http-php-version.patch

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/