File http-majordomo2-dir-traversal
Script types:
portrule
Categories:
intrusive, vuln, exploit
Download: http://nmap.org/svn/scripts/http-majordomo2-dir-traversal.nse
User Summary
Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049).
Vulnerability originally discovered by Michael Brooks.
For more information about this vulnerability:
- http://www.mj2.org/
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0049
- http://www.exploit-db.com/exploits/16103/
Script Arguments
http-majordomo2-dir-traversal.rfile
Remote file to download. Default: /etc/passwd
http-majordomo2-dir-traversal.uri
URI Path to mj_wwwusr. Default: /cgi-bin/mj_wwwusr
http-majordomo2-dir-traversal.outfile
If set it saves the remote file to this location.
Other arguments you might want to use with this script:
- http.useragent - Sets user agent
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.Example Usage
nmap -p80 --script http-majordomo2-dir-traversal <host/ip>
Script Output
PORT STATE SERVICE 80/tcp open http syn-ack | http-majordomo2-dir-traversal: /etc/passwd was found: | | root:x:0:0:root:/root:/bin/bash | bin:x:1:1:bin:/bin:/sbin/nologin |
Requires
Author: Paulino Calderon
License: Same as Nmap--See http://nmap.org/book/man-legal.html