http-fileupload-exploiter can not find pixel.gif #1608
Comments
It also seems to work to put a relative path that makes sense:

There seems to be a bug in that the file location is not properly searched for. Could you please give this patch a spin and report results?

--- a/scripts/http-fileupload-exploiter.nse
+++ b/scripts/http-fileupload-exploiter.nse
@@ -56,6 +56,7 @@
local http = require "http"
local io = require "io"
+local nmap = require "nmap"
local string = require "string"
local httpspider = require "httpspider"
local shortport = require "shortport"
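Review bot: `stdnse.debug1` is called in the second hunk, yet no `require "stdnse"` is visible among the imports touched here; confirm the script already requires stdnse elsewhere, otherwise the warning branch will raise on a nil global exactly on the missing-file path this patch is meant to make non-fatal.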
@@ -211,6 +212,16 @@
local foundfield = 0
local fail = 0
+ local pixel
+ local pixelfn = nmap.fetchfile("nselib/data/pixel.gif")
+ if pixelfn then
+ local fh = io.open(pixelfn, "rb")
+ pixel = fh:read("a")
+ fh:close()
+ else
+ stdnse.debug1("Warning: Test file nselib/data/pixel.gif not found")
+ pixel = nil
+ end
local crawler = httpspider.Crawler:new( host, port, '/', { scriptname = SCRIPT_NAME } )
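Review bot: the result of `io.open(pixelfn, "rb")` is not checked before `fh:read("a")`; if fetchfile finds the path but the open fails (permissions, a file removed in between), `fh` is nil and the script throws the same kind of hard error the patch is removing. Guard it with `local fh, err = io.open(pixelfn, "rb")` followed by `if not fh then stdnse.debug1("Cannot open %s: %s", pixelfn, err) else ... end`. The `pixel = nil` in the else branch is redundant, since `local pixel` already initialises to nil.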
@@ -300,16 +311,15 @@
end
-- Method (3).
- local inp = assert(io.open("nselib/data/pixel.gif", "rb"))
- local image = inp:read("a")
-
- buildRequests(host, port, submission, filefield["name"], "image/gif", partofrequest, uploadspaths, image)
+ if pixel then
+ buildRequests(host, port, submission, filefield["name"], "image/gif", partofrequest, uploadspaths, pixel)
- result = makeAndCheckRequests(uploadspaths)
- if result then
- table.insert(returntable, result)
- else
- fail = 1
+ result = makeAndCheckRequests(uploadspaths)
+ if result then
+ table.insert(returntable, result)
+ else
+ fail = 1
+ end
end
end
else |
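Review bot: when `pixel` is nil, method (3) is now skipped silently: neither `fail` is set nor a result recorded, so a user sees fewer checks run with no indication why unless debugging is enabled. Consider an else branch at the new `if pixel then` that sets `fail = 1` or emits a debug line, so a missing test file shows up in the output. Dropping the `assert(io.open(...))` is what removes the traceback at line 303 reported in the issue; the bare relative path only resolved when nmap happened to run from the data directory.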
root@kali:/usr/share/nmap# patch -Np1 -i /root/nmpatch.txt

Ran nmap. Output looks good. Thanks for the fix.

Fix committed as r37632. Thank you for contributing to nmap.
nmap -v -d -sV --script http-fileupload-exploiter 10.0.0.21
Against OWASP_BROKEN_WEB_APPS_VM_1.2.
---snip---
NSE: http-fileupload-exploiter against 10.0.0.21:443 threw an error!
.../bin/../share/nmap/scripts/http-fileupload-exploiter.nse:303: nselib/data/pixel.gif: No such file or directory
stack traceback:
[C]: in function 'assert'
.../bin/../share/nmap/scripts/http-fileupload-exploiter.nse:303: in function <.../bin/../share/nmap/scripts/http-fileupload-exploiter.nse:201>
(...tail calls...)
NSE Timing: About 99.73% done; ETC: 13:35 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:35 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:36 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:36 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:37 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:37 (0:00:00 remaining)
NSE Timing: About 99.73% done; ETC: 13:38 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:38 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:39 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:39 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:40 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:40 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:41 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:41 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:42 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:42 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:43 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:43 (0:00:01 remaining)
NSE Timing: About 99.73% done; ETC: 13:44 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:44 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:45 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:45 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:46 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:46 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:47 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:47 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:48 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:48 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:49 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:49 (0:00:02 remaining)
NSE Timing: About 99.73% done; ETC: 13:50 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:50 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:51 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:51 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:52 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:52 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:53 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:53 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:54 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:54 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:55 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:55 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:56 (0:00:03 remaining)
NSE Timing: About 99.73% done; ETC: 13:56 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:57 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:57 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:58 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:58 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:59 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 13:59 (0:00:04 remaining)
NSE Timing: About 99.73% done; ETC: 14:00 (0:00:04 remaining)
---snip---
I ran into this originally doing a 'vuln' scan on a pentest. I started out using the parameter --script-timeout 100 so that the scan would eventually finish.
Then I decided to take a look at the http-fileupload-exploiter script to see if I could figure out how to fix it. I tried putting the full path (/usr/share/nmap/nselib/data/pixel.gif) into the line:
local inp = assert(io.open("nselib/data/pixel.gif", "rb"))
Then I started seeing output in my vuln scan that I don't recall ever seeing before:
http-fileupload-exploiter:
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
|_ Failed to upload and execute a payload.
Assuming that this fixes the issue.
Thanks,
Rob
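As an added illustration (not code from the issue, the patch, or the nmap project), here is a small NSE helper showing the file-lookup behaviour this thread is about: a bare relative path such as `nselib/data/pixel.gif` is opened relative to the current working directory, which is why it only resolved when nmap was run from /usr/share/nmap, whereas `nmap.fetchfile` searches nmap's data directories (the approach the committed fix takes) and returns an absolute path or nil. The helper names `load_datafile` and `read_pixel` are hypothetical; `nmap.fetchfile`, `stdnse.debug1` and the Lua `io` calls are real APIs.

```lua
-- Added example (not part of the issue or the nmap project): locate a data
-- file through NSE's search path and read it without crashing the script.
local nmap = require "nmap"
local stdnse = require "stdnse"
local io = require "io"

-- Hypothetical helper. Returns the file contents, or nil plus a reason.
local function load_datafile(name)
  -- nmap.fetchfile searches nmap's data directories (e.g. /usr/share/nmap)
  -- and returns an absolute path, or nil when the file is not found.
  local path = nmap.fetchfile(name)
  if not path then
    return nil, ("%s not found in any nmap data directory"):format(name)
  end
  -- Still check the open: the path may exist yet be unreadable.
  local fh, err = io.open(path, "rb")
  if not fh then
    return nil, ("cannot open %s: %s"):format(path, err)
  end
  local data = fh:read("a")   -- Lua 5.3 (nmap's interpreter) accepts "a"
  fh:close()
  return data
end

-- Example use, as the body of a script's action function would do it:
-- degrade gracefully and say why, instead of asserting and aborting the script.
local function read_pixel()
  local pixel, why = load_datafile("nselib/data/pixel.gif")
  if not pixel then
    stdnse.debug1("Skipping GIF upload test: %s", why)
  end
  return pixel
end

-- Contrast: io.open("nselib/data/pixel.gif", "rb") without the fetchfile
-- lookup resolves against the process's working directory, so it succeeds
-- only when nmap is started from the data directory and fails elsewhere.
```

The difference from the original `assert(io.open(...))` line is that a missing or unreadable test file becomes a logged, skipped check rather than a thrown error, which is the failure the reporter hit when the script threw at line 303 and the scan then sat at 99.73% until the script timeout.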