logo
DATABASE RESOURCES PRICING ABOUT US

http-majordomo2-dir-traversal NSE Script

Description

Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049). Vulnerability originally discovered by Michael Brooks. For more information about this vulnerability: * <http://www.mj2.org/> * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0049> * <http://www.exploit-db.com/exploits/16103/> ## Script Arguments #### http-majordomo2-dir-traversal.rfile Remote file to download. Default: /etc/passwd #### http-majordomo2-dir-traversal.uri URI Path to mj_wwwusr. Default: /cgi-bin/mj_wwwusr #### http-majordomo2-dir-traversal.outfile If set it saves the remote file to this location. Other arguments you might want to use with this script: * http.useragent - Sets user agent #### slaxml.debug See the documentation for the [slaxml](<../lib/slaxml.html#script-args>) library. #### http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent See the documentation for the [http](<../lib/http.html#script-args>) library. #### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the [smbauth](<../lib/smbauth.html#script-args>) library. ## Example Usage nmap -p80 --script http-majordomo2-dir-traversal <host/ip> ## Script Output PORT STATE SERVICE 80/tcp open http syn-ack | http-majordomo2-dir-traversal: /etc/passwd was found: | | root:x:0:0:root:/root:/bin/bash | bin:x:1:1:bin:/bin:/sbin/nologin | ## Requires * [http](<../lib/http.html>) * [io](<>) * [shortport](<../lib/shortport.html>) * [stdnse](<../lib/stdnse.html>) * [string](<>) * [table](<>) * * *


Related