Mongodb Nmap NSE script fails #1802
Comments
26ayushagarwal
changed the title
|
Thank you for reporting the issue. Could you please validate that the following minimalist patch rectifies it? --- nselib/mongodb.lua.orig 2019-02-02 18:40:29.517567300 -0700
+++ nselib/mongodb.lua 2019-11-11 18:37:16.574910400 -0700
@@ -127,7 +127,7 @@
end
dbg("Packet length is %d",length)
--Final pack
- return true, string.pack("<I4z", length, elements)
+ return true, string.pack("<I4", length) .. elements .. "\0"
end
-- Reads a null-terminated string. If length is supplied, it is just cut
@@ -418,7 +418,7 @@
packet:addUnsignedInt32(0); -- options
packet:addString(collectionName);
packet:addUnsignedInt32(0) -- number to skip
- packet:addUnsignedInt32(-1) -- number to return : no limit
+ packet:addUnsignedInt32(0xFFFFFFFF) -- number to return : no limit
local status, error = packet:addBSON(query)
if not status thenIf yes, I would then ask you to test another patch, which is slightly larger but cleaner. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
While running mongodb scripts fail with error message.
Nmap Version : 7.80
/usr/bin/../share/nmap/nselib/mongodb.lua:379: bad argument #2 to 'pack' (unsigned overflow)
stack traceback:
[C]: in function 'string.pack'
/usr/bin/../share/nmap/nselib/mongodb.lua:379: in method 'addUnsignedInt32'
/usr/bin/../share/nmap/nselib/mongodb.lua:421: in function </usr/bin/../share/nmap/nselib/mongodb.lua:416>
(...tail calls...)
/usr/bin/../share/nmap/scripts/mongodb-brute.nse:77: in upvalue 'needsAuth'
/usr/bin/../share/nmap/scripts/mongodb-brute.nse:97: in function </usr/bin/../share/nmap/scripts/mongodb-brute.nse:95>
(...tail calls...)
The text was updated successfully, but these errors were encountered: