File http-majordomo2-dir-traversal

脚本使用类型: portrule
脚本所属分类: intrusive, vuln, exploit
脚本下载地址: http://nmap.org/svn/scripts/http-majordomo2-dir-traversal.nse

User Summary

Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049).

Vulnerability originally discovered by Michael Brooks.

For more information about this vulnerability:

• http://www.mj2.org/
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0049
• http://www.exploit-db.com/exploits/16103/

Script Arguments

http-majordomo2-dir-traversal.rfile

Remote file to download. Default: /etc/passwd

http-majordomo2-dir-traversal.uri

URI Path to mj_wwwusr. Default: /cgi-bin/mj_wwwusr

http-majordomo2-dir-traversal.outfile

If set it saves the remote file to this location.

Other arguments you might want to use with this script:

• http.useragent - Sets user agent

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

Example Usage

执行格式

nmap -p80 --script http-majordomo2-dir-traversal <host/ip>

Script Output

PORT   STATE SERVICE 
80/tcp open  http    syn-ack
| http-majordomo2-dir-traversal: /etc/passwd was found:
| 
| root:x:0:0:root:/root:/bin/bash
| bin:x:1:1:bin:/bin:/sbin/nologin
|  

Requires

• http
• io
• shortport
• stdnse
• string

Author: Paulino Calderon

License: VER007 整理 http://www.ver007.com