Nmap Development mailing list archives
Re: http-axis2-dir-traversal
From: Fyodor <fyodor () insecure org>
Date: Thu, 21 Jul 2011 03:03:42 -0700
On Fri, Jul 15, 2011 at 06:22:50PM -0700, Paulino Calderon wrote:
Hi nmap-dev, description = [[ http-axis2-dir-traversal exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
Thanks Paulino. This looks like a good script. Here are my small suggestions: o The example in @usage seems to be missing the actual file argument. It would be nice to have both an example of common (no argument) usage, and one where it is downloading another common file such as /etc/passwd or whatever. o The NSEDoc says "if you wish to retrieve other files you may need to add more "/../" to traverse to the correct folder location." I think you're talking about adding them to the http-axis2-dir-traversal.file argument, but this should probably be made more clear. o It is great that it uses the creds library! o The output should include CVE number or OSVDB or some sort of good reference to the vulnerability. Maybe you can look at how other 'vuln' scripts report things. Soon, I think Djalal will have a more standardized library for formatting detected vuln output. After you make these changes, please check it in. Cheers, Fydoor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-axis2-dir-traversal Paulino Calderon (Jul 15)
- Re: http-axis2-dir-traversal Fyodor (Jul 21)
- Re: http-axis2-dir-traversal Paulino Calderon (Jul 24)
- Re: http-axis2-dir-traversal Fyodor (Jul 21)