Nmap Development mailing list archives
Re: [NSE] http-filedownload-exploiter draft
From: Israel Leiva <israel.leiva () usach cl>
Date: Mon, 10 Mar 2014 05:03:38 -0300
Hi George. Thanks for the feedback!
Have you checked http-passwd? It is our generic directory traversal script. I think your code fits better there.
Yes, I've checked http-passwd but I'm not quite sure it fits the purpose of this script. Yes, the script actually checks for the passwd file, but _only_ as a last resource, because the webpage may be misconfigured but the server not necessarily, in that case it won't allow such requests (for passwd).
You should override the default withinhost method and do your checks there.
What do you mean with this? Cheers. -- israel _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-filedownload-exploiter draft Israel Leiva (Feb 14)
- Re: [NSE] http-filedownload-exploiter draft George Chatzisofroniou (Mar 05)
- Re: [NSE] http-filedownload-exploiter draft Israel Leiva (Mar 10)
- Re: [NSE] http-filedownload-exploiter draft George Chatzisofroniou (Mar 12)
- Re: [NSE] http-filedownload-exploiter draft Israel Leiva (Mar 10)
- Re: [NSE] http-filedownload-exploiter draft George Chatzisofroniou (Mar 05)