Create http-mcmp.nse #304
Checks if the webserver allows mod_cluster management protocol (MCMP) methods. This is a potential open proxy, or mitm vulnerability.
Hi, in general while writing scripts you should use stdnse.output_table() instead of the output_lines table for outputs; this allows the output to be properly formatted. As this is a vulnerability script you are better off using the vulns library, which generates a nicely formatted vulnerability report table. Also, where have you used the exception handler declared on line 38? Also, can we have better checks that can reduce a set of false positives? Many servers are configured to return 200 for any method; this comment is for the DUMP request.
I will check out the improvements for output and I will check the exception handler. These bits were copied from another script. The DUMP will only execute after a successful PING-RSP. Therefore this should not generate false positives. I haven't seen any thus far.
I've implemented stdnse.output_table(). I removed the exception handler. I checked that other http modules did not use it either and therefore decided that it was unnecessary to implement it in this module. Please check if this is good enough for the main branch. Thanks in advance...
Hi, Thanks!
It is a vulnerability in my opinion, because it allows redirecting the proxy traffic of a Mod_cluster host. It occurs because of a configuration error: not defining the hosts that are allowed to send these commands. Would this still count as a 'vuln' script? If so I will implement it the way you describe. (There is no CVE that I'm aware of.) Thanks!
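The two review points in this thread (reporting through the vulns library, and not trusting a bare 200 because many servers return it for any method) can be combined as in the following NSE sketch. It is an added example, not the code from this pull request. It assumes that an MCMP PING answer carries the token `Type=PING-RSP` in its body, and the control method name `NSEMCMPCTRL` is hypothetical.

```lua
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local vulns = require "vulns"

description = [[
Example only: reports MCMP exposure when a PING request yields a PING-RSP body
and an unknown control method does not.
]]
categories = {"discovery", "safe"}

portrule = shortport.http

-- Assumption: an MCMP PING answer contains this token in the response body.
local MARKER = "Type=PING-RSP"
-- Hypothetical method name that no server should implement (control request).
local CONTROL_METHOD = "NSEMCMPCTRL"

-- True only for a 200 response whose body contains the marker (plain match).
local function is_ping_rsp(resp)
  return resp ~= nil and resp.status == 200
    and type(resp.body) == "string"
    and resp.body:find(MARKER, 1, true) ~= nil
end

action = function(host, port)
  local vuln = {
    title = "mod_cluster management protocol (MCMP) methods accepted",
    state = vulns.STATE.NOT_VULN,
    description = [[
The web server answers MCMP requests from the scanning host. Restrict which
hosts are allowed to send MCMP commands in the mod_cluster configuration.]],
  }
  local report = vulns.Report:new(SCRIPT_NAME, host, port)

  local ping = http.generic_request(host, port, "PING", "/")
  local control = http.generic_request(host, port, CONTROL_METHOD, "/")

  if is_ping_rsp(ping) and not is_ping_rsp(control) then
    -- Protocol-specific answer that the control request did not reproduce.
    vuln.state = vulns.STATE.VULN
  elseif ping and ping.status == 200 then
    -- Status code alone proves nothing on a catch-all server.
    stdnse.debug1("PING returned 200 without a distinct %s body", MARKER)
  end
  return report:make_output(vuln)
end
```

With the state left at `NOT_VULN`, `make_output` prints nothing unless the `vulns.showall` script argument is set, so catch-all servers stay out of the report.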
git-svn-id: https://svn.nmap.org/nmap@35914 e0a8ed71-7df4-0310-8962-fdc924857419
Checks if the webserver allows mod_cluster management protocol (MCMP) methods.
This is a potential open proxy, or mitm vulnerability.