Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.803531 |
Kategorie: | Nmap NSE |
Titel: | Nmap NSE 6.01: http-userdir-enum |
Zusammenfassung: | Attempts to enumerate valid usernames on web servers running with the mod_userdir module or similar;enabled.;;The Apache mod_userdir module allows user-specific directories to be accessed using the;http://example.com/~user/ syntax. This script makes http requests in order to discover valid user-;specific directories and infer valid usernames. By default, the script will use Nmap's;'nselib/data/usernames.lst'. An HTTP response status of 200 or 403 means the username is;likely a valid one and the username will be output in the script results along with the status code;(in parentheses).;;This script makes an attempt to avoid false positives by requesting a directory which is unlikely to;exist. If the server responds with 200 or 403 then the script will not continue testing it.;;SYNTAX:;;userdir.users: The filename of a username list.;;limit: The maximum number of users to check.;;http-max-cache-size: The maximum memory size (in bytes) of the cache.;;http.pipeline: If set, it represents the number of HTTP requests that'll be;pipelined (ie, sent in a single request). This can be set low to make;debugging easier, or it can be set high to test how a server reacts (its;chosen max is ignored). |
Beschreibung: | Summary: Attempts to enumerate valid usernames on web servers running with the mod_userdir module or similar enabled. The Apache mod_userdir module allows user-specific directories to be accessed using the http://example.com/~ user/ syntax. This script makes http requests in order to discover valid user- specific directories and infer valid usernames. By default, the script will use Nmap's 'nselib/data/usernames.lst'. An HTTP response status of 200 or 403 means the username is likely a valid one and the username will be output in the script results along with the status code (in parentheses). This script makes an attempt to avoid false positives by requesting a directory which is unlikely to exist. If the server responds with 200 or 403 then the script will not continue testing it. SYNTAX: userdir.users: The filename of a username list. limit: The maximum number of users to check. http-max-cache-size: The maximum memory size (in bytes) of the cache. http.pipeline: If set, it represents the number of HTTP requests that'll be pipelined (ie, sent in a single request). This can be set low to make debugging easier, or it can be set high to test how a server reacts (its chosen max is ignored). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2001-1013 BugTraq ID: 3335 http://www.securityfocus.com/bid/3335 Bugtraq: 20010912 Is there user Anna at your host ? (Google Search) http://www.securityfocus.com/archive/1/213667 http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0083.html http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0087.html http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0094.html XForce ISS Database: linux-apache-username-exists(7129) https://exchange.xforce.ibmcloud.com/vulnerabilities/7129 |
Copyright | Copyright (C) 2013 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |