Nmap Development mailing list archives

Re: Error on script http-adobe-coldfusion-apsa1301.nse


From: nnposter () users sourceforge net
Date: Fri, 29 Aug 2014 19:41:25 +0000

George Chatzisofroniou wrote:
> The script was missing a sanity check. I made a commit as revision 33621.
> Please update and try again.

The list ate up my earlier e-mail, which proposed a more substantial
patch. Please use it as you see fit.

Patch notes:
* Added error handling in case the HTTP request fails
* Added error handling in case some other cookie is being set
* Replaced custom header parsing with cookies already parsed by http.lua
* Leveraged url.absolute() for path construction


Cheers,
nnposter


Patch against r33623 follows:

--- scripts/http-adobe-coldfusion-apsa1301.nse.orig     2014-08-25 18:22:16.000000000 -0600
+++ scripts/http-adobe-coldfusion-apsa1301.nse  2014-08-29 10:09:32.611489000 -0600
@@ -24,6 +24,7 @@
 local shortport = require "shortport"
 local stdnse = require "stdnse"
 local string = require "string"
+local url = require "url"
 
 portrule = shortport.http
 local DEFAULT_PATH = "/CFIDE/adminapi/"
@@ -32,13 +33,13 @@
 -- Extracts the admin cookie by reading CFAUTHORIZATION_cfadmin from the header 'set-cookie'
 --
 local function get_admin_cookie(host, port, basepath)
-  local req = http.get(host, port, basepath..MAGIC_URI)
-  if req.header['set-cookie'] then
-    stdnse.debug1("Header 'set-cookie' detected in response.")
-    local _, _, admin_cookie = string.find(req.header['set-cookie'], ";path=/, CFAUTHORIZATION_cfadmin=(.*);path=/")
-    if admin_cookie and admin_cookie:len() > 79 then
-      stdnse.debug1("Extracted cookie:%s", admin_cookie)
-      return admin_cookie
+  local req = http.get(host, port, url.absolute(basepath, MAGIC_URI))
+  if not req then return nil end
+  for _, ck in ipairs(req.cookies or {}) do
+    stdnse.debug2("Set-Cookie for %q detected in response.", ck.name)
+    if ck.name == "CFAUTHORIZATION_cfadmin" and ck.value:len() > 79 then
+      stdnse.debug1("Extracted cookie:%s", ck.value)
+      return ck.value
     end
   end
   return nil
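
Review bot: In get_admin_cookie, the new `if not req then return nil end` only catches a nil return from http.get; a failed request that comes back as a response table without a status passes this check and is saved only by the `req.cookies or {}` fallback in the loop. Testing `req.status` alongside `req` would state the intended error handling directly. Separately, `url.absolute(basepath, MAGIC_URI)` resolves MAGIC_URI as a relative reference against basepath, so a user-supplied basepath without a trailing slash loses its last path segment, which differs from the old `basepath..MAGIC_URI` concatenation; either document that basepath must end in "/" (as DEFAULT_PATH does) or normalise it before the call. The `> 79` length threshold is carried over with no comment explaining where the number comes from, and the debug1 line still writes the full admin cookie value to debug output.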

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

