Nmap Development mailing list archives
Re: CVE-2010-2861 - NSE for ColdFusion locale Directory Traversal Submission
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 16 Feb 2012 22:22:50 +0100
On Thu, Feb 16, 2012 at 7:09 PM, Micah <micah.hoffman () gmail com> wrote:
This attack and the NSE script I wrote works against ColdFusion 6, 7, and 8. The version on Adobe's web site is 9 I think. Might not be vulnerable. --- Micah
Hi Micah, There actually was a vulnerable 8.0.1 version available for download too. I was able to test the script against that and have made some small fixes too it. I'm attaching a copy of the script with my changes. I think it would be good if the script made use of the existing vuln library so that we have consistent script output. Would you mind adding that? You can have a look at one of the http-vuln-cve* scripts to see how it's done. Oh, and nice job btw! Thanks, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77
Attachment:
http-coldfusion-dir-traversal.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- CVE-2010-2861 - NSE for ColdFusion locale Directory Traversal Submission Micah (Feb 10)
- Re: CVE-2010-2861 - NSE for ColdFusion locale Directory Traversal Submission Patrik Karlsson (Feb 16)
- Message not available
- Message not available
- Re: CVE-2010-2861 - NSE for ColdFusion locale Directory Traversal Submission Patrik Karlsson (Feb 16)
- Message not available
- Re: CVE-2010-2861 - NSE for ColdFusion locale Directory Traversal Submission Patrik Karlsson (Feb 16)