
Test ID: 1.3.6.1.4.1.25623.1.0.803545
Category: Nmap NSE
Title: Nmap NSE 6.01: http-passwd
Description: Summary:
Checks if a web server is vulnerable to directory traversal by attempting to retrieve
'/etc/passwd' or '\boot.ini'.

The script uses several techniques:

* Generic directory traversal by requesting paths like '../../../../etc/passwd'.

* Known specific traversals of several web servers.

* Query string traversal. This sends traversals as query string parameters to paths that look like they
refer to a local file name. The potential query is searched for at the path controlled by the
script argument 'http-passwd.root'.

SYNTAX:

http.pipeline: If set, it represents the number of HTTP requests that will be
pipelined (i.e., sent in a single request). This can be set low to make
debugging easier, or it can be set high to test how a server reacts (its
chosen max is ignored).

http-max-cache-size: The maximum memory size (in bytes) of the cache.

http-passwd.root: Query string tests will be done relative to this path.
The default value is '/'. Normally the value should contain a
leading slash. The queries will be sent with a trailing encoded null byte to
evade certain checks. See the references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Copyright: Copyright (C) 2013 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.