Nmap Development mailing list archives
Re: [NSE] Created NSE script to detect Zimbra 0 day
From: Paul AMAR <aos.paul () gmail com>
Date: Thu, 9 Jan 2014 10:18:33 +0100
Hi there, Got a remark from Chris Schatz, and actually, there's some '%' symbols missing in the urls starting line 90. local url_short = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx20TemplateMsg.js.zgz?v=091214175450&skin=" .. file_short .. "00" local url_long = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx20TemplateMsg.js.zgz?v=091214175450&skin=" .. file_long .. "00" but It should be : local url_short = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=" .. file_short .. "%00" local url_long = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=" .. file_long .. "%00" If you all agree, i'll submit a patch in the day to patch this. Thanks Chris ! 2013/12/20 Paul AMAR <aos.paul () gmail com>
Hi, Thanks for updating the script Ron. That's really weird that it was working for me though. @George, thanks for the hint with the special character "-". 2013/12/19 Ron <ron () skullsecurity net>I fixed up the code quite a bit and submitted it on irc, it cleanly detects vulnerable and patched hosts now. Ron On 19 Dec 2013 10:34, George Chatzisofroniou <sophron () latthi com> wrote:On Wed, Dec 18, 2013 at 06:18:57PM -0600, Ron wrote:The issue with the script as-is is, once the vuln is patched, it'llkeepreporting it's vulnerable, I think, unless they just delete the file.ifyou try to grab a "bad" file (like /etc/shadow), everything seem toworkfine.There are some fixes around already. By fixing the LFI, the HTTPresponse statuswon't be 200, so the script will not return a false positive.It works if I switch out the string.match() with "==". I don't know why, though!That's because Lua string.match() method expects a pattern as a secondargument(not a raw string) and the special "-" character is interpreted as theLuamodifier for repetitions. Thanks for cathing this. -- George Chatzisofroniou_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Jan 09)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Feb 07)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Daniel Miller (Feb 07)
- Re: [NSE] Created NSE script to detect Zimbra 0 day Paul AMAR (Feb 07)