Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http-grep.nse is not working properly. line 159 and 160. there is a bug if doubled is greater than 9 #1931

zheli-1 opened this issue Feb 21, 2020 · 1 comment


Copy link

zheli-1 commented Feb 21, 2020

The following command will recreate the bug.
nmap --script http-grep --script-args 'http-grep.builtins ={"discover"}, http-grep.url="/432894489680891189865518341201629552984/snippets.gtl?uid=zl3"'
the host is up recreate it anytime.

When will it happen and why
There is a bug if doubled is greater than 9. doubled is not gsubbed correctly after line 160
doubled = string.gsub(doubled,'(%d)(%d)',function(a,b)return a+b end)
for example if doubled = 14, after the line above double will be 5.0.0
and it is added to s2 so it will raise the error as below:

NSE: http-grep against ( threw an error!
/home/zheli/nmap_no_interning/nmap/scripts/http-grep.nse:189: attempt to perform arithmetic on a string value (local 'doubled')

the line number is different because I print some debug info in my local file.

Copy link

zheli-1 commented Feb 22, 2020

This is my pull request fixing this bug. I can't find a way to link them together...

@nnposter nnposter self-assigned this Mar 1, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

2 participants