Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.803545 |
Kategorie: | Nmap NSE |
Titel: | Nmap NSE 6.01: http-passwd |
Zusammenfassung: | Checks if a web server is vulnerable to directory traversal by attempting to retrieve;'/etc/passwd' or '\boot.ini'.;;The script uses several technique:;; * Generic directory traversal by requesting paths like '../../../../etc/passwd'.;; * Known specific traversals of several web servers.;; * Query string traversal. This sends traversals as query string parameters to paths that look like they;refer to a local file name. The potential query is searched for in at the path controlled by the;script argument 'http-passwd.root'.;;SYNTAX:;;http.pipeline: If set, it represents the number of HTTP requests that'll be;pipelined (ie, sent in a single request). This can be set low to make;debugging easier, or it can be set high to test how a server reacts (its;chosen max is ignored).;;http-max-cache-size: The maximum memory size (in bytes) of the cache.;;http-passwd.root: Query string tests will be done relative to this path.;The default value is '/'. Normally the value should contain a;leading slash. The queries will be sent with a trailing encoded null byte to;evade certain checks. See the references for more information. |
Beschreibung: | Summary: Checks if a web server is vulnerable to directory traversal by attempting to retrieve '/etc/passwd' or '\boot.ini'. The script uses several technique: * Generic directory traversal by requesting paths like '../../../../etc/passwd'. * Known specific traversals of several web servers. * Query string traversal. This sends traversals as query string parameters to paths that look like they refer to a local file name. The potential query is searched for in at the path controlled by the script argument 'http-passwd.root'. SYNTAX: http.pipeline: If set, it represents the number of HTTP requests that'll be pipelined (ie, sent in a single request). This can be set low to make debugging easier, or it can be set high to test how a server reacts (its chosen max is ignored). http-max-cache-size: The maximum memory size (in bytes) of the cache. http-passwd.root: Query string tests will be done relative to this path. The default value is '/'. Normally the value should contain a leading slash. The queries will be sent with a trailing encoded null byte to evade certain checks. See the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Copyright | Copyright (C) 2013 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |