Script http-majordomo2-dir-traversal

Script types: portrule
Categories: intrusive, vuln, exploit
Download: https://svn.nmap.org/nmap/scripts/http-majordomo2-dir-traversal.nse

Script Summary

Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049).

Vulnerability originally discovered by Michael Brooks.

For more information about this vulnerability:

• http://www.mj2.org/
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0049
• http://www.exploit-db.com/exploits/16103/

Script Arguments

http-majordomo2-dir-traversal.rfile

Remote file to download. Default: /etc/passwd

http-majordomo2-dir-traversal.uri

URI Path to mj_wwwusr. Default: /cgi-bin/mj_wwwusr

http-majordomo2-dir-traversal.outfile

If set it saves the remote file to this location.

Other arguments you might want to use with this script:

• http.useragent - Sets user agent

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80 --script http-majordomo2-dir-traversal <host/ip>

Script Output

PORT   STATE SERVICE
80/tcp open  http    syn-ack
| http-majordomo2-dir-traversal: /etc/passwd was found:
|
| root:x:0:0:root:/root:/bin/bash
| bin:x:1:1:bin:/bin:/sbin/nologin
|

Requires

• http
• io
• shortport
• stdnse
• string
• table

---

Author:

• Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See https://nmap.org/book/man-legal.html

action

action (host, port)

MAIN

Parameters

host

 

port