Nmap Development mailing list archives
Re: [NSE] NSE Script for D-link DSR routers (CVE 2013-5945)
From: George Chatzisofroniou <sophron () latthi com>
Date: Sat, 28 Dec 2013 21:29:18 +0200
Hi there, On Mon, Dec 23, 2013 at 02:11:23PM +0100, Paul AMAR wrote:
I created a NSE script for CVE 2013-5945 ( http://www.exploit-db.com/exploits/30062/). This script tries to do SQL injection on the login form to log as an admin using those credentials: *login* : admin *password* : ' or 'a'='a To try it : *./nmap -p 443 --script http-vuln-cve2013-5945.nse 127.0.0.1* To test it, I discussed with the author of those vulnerabilities (nu11) to try it and the script is working fine. Don't hesitate to test it and/or give me any feedback.
I was wondering if http-sql-injection.nse can detect this vulnerability. If not, maybe it makes more sense to improve the current sqli script instead of creating a new one. -- George Chatzisofroniou _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] NSE Script for D-link DSR routers (CVE 2013-5945) Paul AMAR (Dec 23)
- Re: [NSE] NSE Script for D-link DSR routers (CVE 2013-5945) George Chatzisofroniou (Dec 28)