Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.104038
Category:Nmap NSE net
Title:Nmap NSE net: http-passwd
Summary:Checks if a web server is vulnerable to directory traversal by attempting to retrieve;'/etc/passwd' or '\boot.ini'.;;The script uses several technique: * Generic directory traversal by requesting paths like;'../../../../etc/passwd'. * Known specific traversals of several web servers. * Query;string traversal. This sends traversals as query string parameters to paths that look like they;refer to a local file name. The potential query is searched for in at the path controlled by the;script argument 'http-passwd.root'.;;SYNTAX:;;http.pipeline: If set, it represents the number of HTTP requests that'll be;pipelined (ie, sent in a single request). This can be set low to make;debugging easier, or it can be set high to test how a server reacts (its;chosen max is ignored).;;http-max-cache-size: The maximum memory size (in bytes) of the cache.;;http-passwd.root: Query string tests will be done relative to this path.;The default value is '/'. Normally the value should contain a;leading slash. The queries will be sent with a trailing encoded null byte to;evade certain checks.
Description:Summary:
Checks if a web server is vulnerable to directory traversal by attempting to retrieve
'/etc/passwd' or '\boot.ini'.

The script uses several technique: * Generic directory traversal by requesting paths like
'../../../../etc/passwd'. * Known specific traversals of several web servers. * Query
string traversal. This sends traversals as query string parameters to paths that look like they
refer to a local file name. The potential query is searched for in at the path controlled by the
script argument 'http-passwd.root'.

SYNTAX:

http.pipeline: If set, it represents the number of HTTP requests that'll be
pipelined (ie, sent in a single request). This can be set low to make
debugging easier, or it can be set high to test how a server reacts (its
chosen max is ignored).

http-max-cache-size: The maximum memory size (in bytes) of the cache.

http-passwd.root: Query string tests will be done relative to this path.
The default value is '/'. Normally the value should contain a
leading slash. The queries will be sent with a trailing encoded null byte to
evade certain checks.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

CopyrightCopyright (C) 2011 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.