http-majordomo2-dir-traversal
脚本使用类型:
portrule
脚本所属分类:
intrusive, vuln, exploit
脚本下载地址: http://nmap.org/svn/scripts/http-majordomo2-dir-traversal.nse
Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049).
Vulnerability originally discovered by Michael Brooks.
For more information about this vulnerability:
Remote file to download. Default: /etc/passwd
URI Path to mj_wwwusr. Default: /cgi-bin/mj_wwwusr
If set it saves the remote file to this location.
Other arguments you might want to use with this script:
执行格式
nmap -p80 --script http-majordomo2-dir-traversal <host/ip>
PORT STATE SERVICE 80/tcp open http syn-ack | http-majordomo2-dir-traversal: /etc/passwd was found: | | root:x:0:0:root:/root:/bin/bash | bin:x:1:1:bin:/bin:/sbin/nologin |
Author: Paulino Calderon
License: VER007 整理 http://www.ver007.com