http-fileupload-exploiter can not find pixel.gif #1608
Comments
|
It also seems to work to put a relative path that makes sense: |
|
There seems to be a bug in that the file location is not properly searched for. Could you please give this patch a spin and report results? --- a/scripts/http-fileupload-exploiter.nse
+++ b/scripts/http-fileupload-exploiter.nse
@@ -56,6 +56,7 @@
local http = require "http"
local io = require "io"
+local nmap = require "nmap"
local string = require "string"
local httpspider = require "httpspider"
local shortport = require "shortport"
@@ -211,6 +212,16 @@
local foundfield = 0
local fail = 0
+ local pixel
+ local pixelfn = nmap.fetchfile("nselib/data/pixel.gif")
+ if pixelfn then
+ local fh = io.open(pixelfn, "rb")
+ pixel = fh:read("a")
+ fh:close()
+ else
+ stdnse.debug1("Warning: Test file nselib/data/pixel.gif not found")
+ pixel = nil
+ end
local crawler = httpspider.Crawler:new( host, port, '/', { scriptname = SCRIPT_NAME } )
@@ -300,16 +311,15 @@
end
-- Method (3).
- local inp = assert(io.open("nselib/data/pixel.gif", "rb"))
- local image = inp:read("a")
-
- buildRequests(host, port, submission, filefield["name"], "image/gif", partofrequest, uploadspaths, image)
+ if pixel then
+ buildRequests(host, port, submission, filefield["name"], "image/gif", partofrequest, uploadspaths, pixel)
- result = makeAndCheckRequests(uploadspaths)
- if result then
- table.insert(returntable, result)
- else
- fail = 1
+ result = makeAndCheckRequests(uploadspaths)
+ if result then
+ table.insert(returntable, result)
+ else
+ fail = 1
+ end
end
end
else |
|
root@kali:/usr/share/nmap# patch -Np1 -i /root/nmpatch.txt Ran nmap: Output looks good: Thanks for the fix. |
|
Fix committed as r37632. Thank you for contributing to nmap. |
nmap -v -d -sV --script http-fileupload-exploiter 10.0.0.21
Against OWASP_BROKEN_WEB_APPS_VM_1.2.
---snip---
NSE: http-fileupload-exploiter against 10.0.0.21:443 threw an error!
.../bin/../share/nmap/scripts/http-fileupload-exploiter.nse:303: nselib/data/pixel.gif: No such file or directory
stack traceback:
[C]: in function 'assert'
.../bin/../share/nmap/scripts/http-fileupload-exploiter.nse:303: in function <.../bin/../share/nmap/scripts/http-fileupload-exploiter.nse:201>
(...tail calls...)
NSE Timing: About 99.73% done; ETC: 13:35 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:35 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:36 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:36 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:37 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:37 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:38 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:38 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:39 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:39 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:40 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:40 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:41 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:41 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:42 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:42 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:43 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:43 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:44 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:44 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:45 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:45 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:46 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:46 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:47 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:47 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:48 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:48 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:49 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:49 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:50 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:50 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:51 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:51 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:52 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:52 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:53 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:53 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:54 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:54 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:55 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:55 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:56 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:56 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:57 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:57 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:58 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:58 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:59 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:59 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 14:00 (0:00:04 remaining)
---snip---
I ran into this originally doing a 'vuln' scan on a pentest. I started out using the
parameter --script-timeout 100 so that the scan would eventually finish.
Then I decided to take a look at the http-fileupload-exploiter script to see if I could figure out how to fix it. I tried putting the full path (/usr/share/nmap/nselib/data/pixel.gif) into the line:
local inp = assert(io.open("nselib/data/pixel.gif", "rb"))
Then I started seeing output in my vuln scan that I don't recall ever seeing before:
http-fileupload-exploiter:
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
|_ Failed to upload and execute a payload.
Assuming that this fixes the issue.
Thanks,
Rob
The text was updated successfully, but these errors were encountered: