Nmap Development mailing list archives
Re: [NSE] New script to detect Joomla! Header RCE [2015-8562]
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Thu, 28 Jan 2016 00:25:17 +0530
Hi Johanna, I had similar thoughts while developing the script. The headers can be blocked by the server and in such cases the script would return "safe", even though it may be vulnerable, but exploiting and checking by default isn't good behavior as well. What do you think about the following implementation? If exploit is set to true then the Joomla/PHP Checks aren't considered and the script tries to exploit and tell if the server is exploitable. In case headers are blocked and exploit isn't set true then a debug message saying 'headers missing, try with exploit set to true to confirm' or similar would appear . Regards, Gyani ᐧ On Wed, Jan 27, 2016 at 8:13 PM, Johanna Curiel <johannapcuriel () gmail com> wrote:
Hi Gyanendra Thank you for this awesome work. After taking look of the script, I see many of the recognition work relies on the identifying response headers info and identifying the administrator path console of Jommla. In case this information is hidden or not provided as in the request header, it will not be able to recognise PHP? and if the path has also been blocked (lets say by a firewall) then in that case recognition of wont be possible at all? Regards Johanna On Tue, Jan 26, 2016 at 6:36 PM, Gyanendra Mishra <anomaly.the () gmail com> wrote:Hi list, #260 on Github called for the development of a script that detects CVE 2015-8562. This script performs checks for the same and can be used to optionally exploit the target. I tested this on ubuntu 10.04.1 running php 5.4.7 and Joomla! 3.4.3. Find the script in the link below. https://svn.nmap.org/nmap-exp/gyani/scripts/http-vuln-cve2015-8562.nse Cheers, Gyani ᐧ _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New script to detect Joomla! Header RCE [2015-8562] Gyanendra Mishra (Jan 26)
- Re: [NSE] New script to detect Joomla! Header RCE [2015-8562] Johanna Curiel (Jan 27)
- Re: [NSE] New script to detect Joomla! Header RCE [2015-8562] Gyanendra Mishra (Jan 27)
- Re: [NSE] New script to detect Joomla! Header RCE [2015-8562] Johanna Curiel (Feb 06)
- Re: [NSE] New script to detect Joomla! Header RCE [2015-8562] Gyanendra Mishra (Feb 10)
- Re: [NSE] New script to detect Joomla! Header RCE [2015-8562] Gyanendra Mishra (Jan 27)
- Re: [NSE] New script to detect Joomla! Header RCE [2015-8562] Johanna Curiel (Jan 27)