Create http-mcmp.nse #304

Closed
wants to merge 2 commits into from

FrankSpierings

Checks if the webserver allows mod_cluster management protocol (MCMP) methods.
This is a potential open proxy, or mitm vulnerability.

@h4ck3rk3y

Hi,

In general, while writing scripts you should use stdnse.output_table() instead of the output_lines table for outputs; this allows the output to be properly formatted.

As this is a vulnerability script you are better off using the vulns library, which generates a nicely formatted vulnerability report table. Also, where have you used the exception handler declared on line 38?

Also, can we have better checks that can reduce a set of false positives? Many servers are configured to return 200 for any method; this comment is for the DUMP request.

@FrankSpierings
Author

I will check out the improvements for output and I will check the exception handler. These bits were copied from another script.

The DUMP will only execute after a successful PING-RSP. Therefore this should not generate false positives. I haven't seen any thus far.

@FrankSpierings
Author

I've implemented stdnse.output_table(). I removed the exception handler. I checked that other http modules did not use it either and therefore decided that it was unnecessary to implement it in this module. Please check if this is good enough for the main branch. Thanks in advance...

@h4ck3rk3y

Hi,
I am sorry if my comment wasn't clear. Generally stdnse.output_table() works, but as this is a vuln script you are better off using the vulns library. The library generates a standard report used by many other scripts in Nmap.

Thanks!

@FrankSpierings
Author

It is a vulnerability in my opinion, because it allows redirecting the proxy traffic of a Mod_cluster host. It occurs because of a configuration error: not defining the hosts that are allowed to send these commands. Would this still count as a 'vuln' script? If so I will implement it the way you describe. (There is no CVE that I'm aware of.)

Thanks!
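
The two review points in this thread (report through the vulns library, and do not trust a bare 200 because many servers return it for any method), sketched as an NSE script. This is an added example, not the code from this pull request or from Nmap. Assumptions: the `PING-RSP` marker is looked for in the response body, a non-empty 200 body counts as an accepted DUMP, and the title, description, categories and author value are illustrative.

```lua
-- Added example (not the pull request's script): MCMP check reported via vulns.
local http = require "http"
local shortport = require "shortport"
local vulns = require "vulns"

description = [[
Example: reports a web server that answers mod_cluster management
protocol (MCMP) methods, using the vulns library for the report.
]]
author = "example"                 -- placeholder
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "vuln"}      -- assumption; the thread leaves this open

portrule = shortport.http

action = function(host, port)
  local vuln = {
    title = "mod_cluster management protocol (MCMP) methods allowed",
    state = vulns.STATE.NOT_VULN,
    description = [[
The web server accepts MCMP methods from the scanning host, which the
submitter describes as a potential open proxy or MITM condition caused
by not restricting the hosts allowed to send these commands.]],
  }
  local report = vulns.Report:new(SCRIPT_NAME, host, port)

  -- Step 1: PING. Status 200 alone proves nothing, since many servers
  -- return 200 for unknown methods; require the PING-RSP marker too.
  -- Assumption: the marker is searched for in the body (plain-text find).
  local ping = http.generic_request(host, port, "PING", "/")
  if not (ping and ping.status == 200 and ping.body
          and ping.body:find("PING-RSP", 1, true)) then
    return report:make_output(vuln)   -- prints nothing unless vulns.showall
  end
  vuln.state = vulns.STATE.LIKELY_VULN

  -- Step 2: DUMP is only sent after a valid PING-RSP, as the author
  -- describes. Assumption: a non-empty 200 body means it was accepted.
  local dump = http.generic_request(host, port, "DUMP", "/")
  if dump and dump.status == 200 and dump.body and #dump.body > 0 then
    vuln.state = vulns.STATE.VULN
  end

  return report:make_output(vuln)
end
```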

@nmap-bot nmap-bot closed this in 1c16a55 Jun 25, 2016
tremblerz pushed a commit to tremblerz/nmap that referenced this pull request Jul 20, 2016
tremblerz pushed a commit to tremblerz/nmap that referenced this pull request Jul 21, 2016
batrick pushed a commit to batrick/nmap that referenced this pull request Aug 2, 2016
git-svn-id: https://svn.nmap.org/nmap@35914 e0a8ed71-7df4-0310-8962-fdc924857419