From 065aa78596423d779ea95c39e3e93b78b7382aa2 Mon Sep 17 00:00:00 2001 From: dmiller Date: Thu, 20 Feb 2014 21:37:05 +0000 Subject: [PATCH] Fix a crash in http-xssed when scanning an IP addr or range http-xssed unconditionally used host.targetname, which is only set when the target is specified as a name, not an IP address or range. Now we prefer the targetname, but fall back to the reverse-dns name, and finally to the IP address. Perhaps we should be more strict, if xssed.com only allows domain names, for instance? --- scripts/http-xssed.nse | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/http-xssed.nse b/scripts/http-xssed.nse index 780a92380..3c32bb54d 100644 --- a/scripts/http-xssed.nse +++ b/scripts/http-xssed.nse @@ -46,7 +46,7 @@ action = function(host, port) local fixed, unfixed - local target = XSSED_SEARCH .. host.targetname + local target = XSSED_SEARCH .. (host.targetname or host.name or host.ip) -- Only one instantiation of the script should ping xssed at once. local mutex = nmap.mutex("http-xssed")