Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

File http-majordomo2-dir-traversal

Script types: portrule
Categories: intrusive, vuln, exploit
Download: http://nmap.org/svn/scripts/http-majordomo2-dir-traversal.nse

User Summary

Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049).

Vulnerability originally discovered by Michael Brooks.

For more information about this vulnerability:

Script Arguments

http-majordomo2-dir-traversal.rfile

Remote file to download. Default: /etc/passwd

http-majordomo2-dir-traversal.uri

URI Path to mj_wwwusr. Default: /cgi-bin/mj_wwwusr

http-majordomo2-dir-traversal.outfile

If set it saves the remote file to this location.

Other arguments you might want to use with this script:

  • http.useragent - Sets user agent

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80 --script http-majordomo2-dir-traversal <host/ip>

Script Output

PORT   STATE SERVICE
80/tcp open  http    syn-ack
| http-majordomo2-dir-traversal: /etc/passwd was found:
|
| root:x:0:0:root:/root:/bin/bash
| bin:x:1:1:bin:/bin:/sbin/nologin
|

Requires


Author: Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See http://nmap.org/book/man-legal.html

action

action (host, port)

MAIN

Parameters

  • host:
  • port:

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]