[Plugins-writers] Bug in Plugin 11438? (Apache Tomcat Directory Listing)

• Previous message: George A. Theall: "Re: [Plugins-writers] Fix for false negative in http_asn1_decoding.nasl"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello All,

While watching packets zip by for false positive analysis, I don't
think the tomcat_directory_listing_and_file_disclosure.nasl plugin
works as advertised.

This segment:
req = http_get(item:string("/", raw_string(0), ".jsp"), port:port);

Didn't show anything after the "/" for the "item" parameter via
tcpdump [1] on my system.  Changing raw_string to have anything but
"0" seems to work (albeit defeating the purpose of the plugin). 
I'm assuming http_get() sees the raw 0 as a NULL and stops w/ the
string.

Also, I noticed another interesting phenomenon.  The F5 BigIP
caching servers would show two different responses, depending if
"Pragma: no-cache" was set.  W/ it set, the page was returned.  W/
it absent, an HTTP 500 error was sent.

Jon


[1]

15:36:31.228105 IP (tos 0x0, ttl  64, id 42402, offset 0, flags
[DF], length: 306) 127.0.0.1.50396 > 127.0.0.1.2345: P [tcp sum ok]
1:255(254) ack 1 win 8192 <nop,nop,timestamp 104429479 104429479>
0x0000:  0000 0000 0000 0000 0000 0000 0800 4500  ..............E.
0x0010:  0132 a5a2 4000 4006 9621 7f00 0001 7f00  .2..@.@..!......
0x0020:  0001 c4dc 0929 baf5 d23a bb30 22c7 8018  .....)...:.0"...
0x0030:  2000 a512 0000 0101 080a 0639 77a7 0639  ...........9w..9
0x0040:  77a7 4745 5420 2f20 4854 5450 2f31 2e31  w.GET./.HTTP/1.1
0x0050:  0d0a 436f 6e6e 6563 7469 6f6e 3a20 436c  ..Connection:.Cl
0x0060:  6f73 650d 0a48 6f73 743a 2031 3237 2e30  ose..Host:.127.0
0x0070:  2e30 2e31 0d0a 5072 6167 6d61 3a20 6e6f  .0.1..Pragma:.no
0x0080:  2d63 6163 6865 0d0a 5573 6572 2d41 6765  -cache..User-Age
0x0090:  6e74 3a20 4d6f 7a69 6c6c 612f 342e 3735  nt:.Mozilla/4.75
0x00a0:  205b 656e 5d20 2858 3131 2c20 553b 204e  .[en].(X11,.U;.N
0x00b0:  6573 7375 7329 0d0a 4163 6365 7074 3a20  essus)..Accept:.
0x00c0:  696d 6167 652f 6769 662c 2069 6d61 6765  image/gif,.image
0x00d0:  2f78 2d78 6269 746d 6170 2c20 696d 6167  /x-xbitmap,.imag
0x00e0:  652f 6a70 6567 2c20 696d 6167 652f 706a  e/jpeg,.image/pj
0x00f0:  7065 672c 2069 6d61 6765 2f70 6e67 2c20  peg,.image/png,.
0x0100:  2a2f 2a0d 0a41 6363 6570 742d 4c61 6e67  */*..Accept-Lang
0x0110:  7561 6765 3a20 656e 0d0a 4163 6365 7074  uage:.en..Accept
0x0120:  2d43 6861 7273 6574 3a20 6973 6f2d 3838  -Charset:.iso-88
0x0130:  3539 2d31 2c2a 2c75 7466 2d38 0d0a 0d0a  59-1,*,utf-8....





		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers

• Previous message: George A. Theall: "Re: [Plugins-writers] Fix for false negative in http_asn1_decoding.nasl"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Sep 23 2005 - 14:27:42 PDT