Add mysql-vuln-cve2017-3599.nse. #877
Conversation
|
I guess it would be better to use string library instead of bin in your code. There were many commits in the master branch also which moved the code from bin to string library. So I think its better to follow the standards of coding. |
|
Thank you for your comment. I've updated the patch to use lua's string.pack() instead. No regression introduced by this patch: systemd[1]: mysql.service: Main process exited, code=exited, status=2/INVALIDARGUMENT |
|
Please update https://secwiki.org/w/Nmap/Script_Ideas#mysql-vuln-cve2017-3599.nse after this pull request has been processed, thanks. |
rewanthtammana
left a comment
There was a problem hiding this comment.
Please make the following changes.
| @@ -0,0 +1,69 @@ | |||
| description=[[ | |||
There was a problem hiding this comment.
The order of code isn't correct.
local vulns = require "vulns"
description = [[]]
-- @usage
-- @output
Follow this order in your code or checkout other scripts for reference purpose.
|
|
||
|
|
||
| if not status then | ||
| return false |
There was a problem hiding this comment.
Use only 2 spaces for indentation purposes.
| if not status then | ||
| return false | ||
| else | ||
| return true |
There was a problem hiding this comment.
Instead of return true / false, use the vulns library to format the output.
References: https://nmap.org/nsedoc/lib/vulns.html
Or check http-vuln-cve* scripts for better understanding.
Tested & confirmed to crash Oracle MySQL 5.7.16 on Linux: logan-HP-620 systemd[1]: mysql.service: Main process exited, code=exited, status=2/INVALIDARGUMENT