Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2010-2861 - NSE for ColdFusion locale Directory Traversal Submission

From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 16 Feb 2012 22:22:50 +0100
On Thu, Feb 16, 2012 at 7:09 PM, Micah <micah.hoffman () gmail com> wrote:


This attack and the NSE script I wrote works against ColdFusion 6, 7, and
8. The version on Adobe's web site is 9 I think. Might not be vulnerable.

--- Micah



Hi Micah,

There actually was a vulnerable 8.0.1 version available for download too.
I was able to test the script against that and have made some small fixes
too it.
I'm attaching a copy of the script with my changes.

I think it would be good if the script made use of the existing vuln
library so that we have consistent script output.
Would you mind adding that? You can have a look at one of the
http-vuln-cve* scripts to see how it's done.

Oh, and nice job btw!

Thanks,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77

Attachment: http-coldfusion-dir-traversal.nse
Description: 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: