Nmap Development mailing list archives
[NSE] bug in httpspider library
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 3 Aug 2012 08:23:11 +0200
Hi all, I just got a private report of the http-sql-injection script gone haywire testing every link it found, even though withinhost was specified. I tracked this down to a change in the httpspider library that called a function (removewww) that was missing a return statement. This essentially lead to every link being validated as withinhost due to the function returning nil. I've committed a fix for this as r29467. Cheers, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] bug in httpspider library Patrik Karlsson (Aug 02)