Create http-mcmp.nse #304

Closed

@FrankSpierings

Checks if the webserver allows mod_cluster management protocol (MCMP) methods.
This is a potential open proxy, or mitm vulnerability.

@FrankSpierings FrankSpierings Create http-mcmp.nse
Checks if the webserver allows mod_cluster management protocol (MCMP) methods. 
This is a potential open proxy, or mitm vulnerability.
2b6e54a
@h4ck3rk3y

Hi,

In general while writing scripts you should use stdnse.output_table() instead of the output_lines table for outputs, this allows the output to be properly formatted.

As this is a vulnerability script you are better off using the vulns library which generates a nicely formatted vulnerability report table. Also, where have you used the exception handler declared on line 38?

Also, can we have better checks that can reduce a set of false positives? Many servers are configured to return 200 for any method, this comment is for the DUMP request.

@FrankSpierings

I will check out the improvements for output and I will check the exception handler. These bits were copied from another script.

The DUMP will only execute after a successful PING-RSP. Therefore this should not generate false positives. I haven't seen any thus far.
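
An added example, not part of the pull request or of either participant's comments: one way to gate the DUMP check on a genuine PING-RSP so that servers answering 200 to any method are not reported. The function names are hypothetical, the sample responses are constructed, and the reply body format `Type=PING-RSP&State=OK&id=...` is an assumption about what mod_cluster returns.

```lua
-- Added example (not the PR's code). Function names are hypothetical.
-- Assumption: a real MCMP PING reply carries a body like
-- "Type=PING-RSP&State=OK&id=1".

-- Split an MCMP-style body into key/value fields.
local function parse_mcmp_body(body)
  local fields = {}
  for key, value in (body or ""):gmatch("([^&=%s]+)=([^&%s]*)") do
    fields[key] = value
  end
  return fields
end

-- resp mimics an NSE http response table: { status = number, body = string }.
local function classify_ping(resp)
  if type(resp) ~= "table" or resp.status ~= 200 then
    return "no-mcmp"
  end
  local fields = parse_mcmp_body(resp.body)
  if fields.Type ~= "PING-RSP" then
    return "generic-200"       -- 200 for any method, but not an MCMP reply
  elseif fields.State == "OK" then
    return "mcmp-ok"
  end
  return "mcmp-not-ok"
end

-- DUMP is only worth evaluating after a successful PING-RSP.
local function dump_is_meaningful(ping_resp)
  return classify_ping(ping_resp) == "mcmp-ok"
end

-- Constructed sample responses.
local samples = {
  { name = "mod_cluster manager", status = 200, body = "Type=PING-RSP&State=OK&id=1" },
  { name = "permissive server", status = 200, body = "<html><body>It works!</body></html>" },
  { name = "method rejected", status = 405, body = "Method Not Allowed" },
  { name = "empty 200", status = 200, body = nil },
}

for _, s in ipairs(samples) do
  print(string.format("%-20s %-12s dump=%s", s.name, classify_ping(s),
    tostring(dump_is_meaningful(s))))
end
```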

@FrankSpierings

I've implemented stdnse.output_table(). I removed the exception handler. I checked that other http modules did not use it either and therefore decided that it was unnecessary to implement it in this module. Please check if this is good enough for the main branch. Thanks in advance...

@h4ck3rk3y

Hi,
I am sorry if my comment wasn't clear. Generally stdnse.output_table() works but as this is a vuln script you are better off using the vulns library. The library generates a standard report used by many other scripts in Nmap.

Thanks!

@FrankSpierings

It is a vulnerability in my opinion, because it allows redirecting the proxy traffic of a Mod_cluster host. It occurs because of a configuration error: not defining the hosts that are allowed to send these commands. Would this still count as a 'vuln' script? If so I will implement it the way you describe. (There is no CVE that I'm aware of.)

Thanks!

@nmap-bot nmap-bot pushed a commit that closed this pull request Jun 25, 2016
@bonsaiviking bonsaiviking New script: http-mcmp. Closes #304 1c16a55
@nmap-bot nmap-bot closed this in 1c16a55 Jun 25, 2016
@tremblerz tremblerz added a commit to tremblerz/nmap that referenced this pull request Jul 20, 2016
@bonsaiviking @tremblerz bonsaiviking + tremblerz New script: http-mcmp. Closes #304 06ca809
@tremblerz tremblerz added a commit to tremblerz/nmap that referenced this pull request Jul 21, 2016
@bonsaiviking @tremblerz bonsaiviking + tremblerz New script: http-mcmp. Closes #304 7dbcab1
@batrick batrick pushed a commit to batrick/nmap that referenced this pull request Aug 2, 2016
@bonsaiviking bonsaiviking New script: http-mcmp. Closes #304
git-svn-id: https://svn.nmap.org/nmap@35914 e0a8ed71-7df4-0310-8962-fdc924857419
cc51835