
File http-coldfusion-subzero

Script types: portrule
Categories: exploit
Download: http://nmap.org/svn/scripts/http-coldfusion-subzero.nse

User Summary

Attempts to retrieve the version, the absolute path of the administration panel and the file 'password.properties' from vulnerable installations of ColdFusion 9 and 10.

This was based on the exploit 'ColdSub-Zero.pyFusion v2'.

Script Arguments

http-coldfusion-subzero.basepath

Base path. Default: /.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

  • nmap -sV --script http-coldfusion-subzero <target>
  • nmap -p80 --script http-coldfusion-subzero --script-args basepath=/cf/ <target>
    

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-coldfusion-subzero:
|   absolute_path: C:\inetpub\wwwroot\CFIDE\adminapi\customtags
|   version: 9
|   password_properties: #Fri Mar 02 17:03:01 CST 2012
| rdspassword=
| password=AA251FD567358F16B7DE3F3B22DE8193A7517CD0
|_encrypted=true
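
For triaging your own scan results, the following added example (not part of the Nmap script or of the original page) parses the output format shown above out of Nmap's normal output and lists what each affected port disclosed. The function names and finding strings are assumptions made for this example; the sample input is the output block above.

```python
import re

# Constructed sample: the script output block shown on this page.
SAMPLE = r"""PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-coldfusion-subzero:
|   absolute_path: C:\inetpub\wwwroot\CFIDE\adminapi\customtags
|   version: 9
|   password_properties: #Fri Mar 02 17:03:01 CST 2012
| rdspassword=
| password=AA251FD567358F16B7DE3F3B22DE8193A7517CD0
|_encrypted=true
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\b")
FIELD_RE = re.compile(r"^\|[ _]\s+(\w+):\s?(.*)$")   # indented "key: value"
PROP_RE = re.compile(r"^\|[ _]([\w.]+)=(.*)$")        # "key=value" file lines

def parse_subzero(nmap_text):
    """Return one record per port that carries a http-coldfusion-subzero block."""
    records, port, rec = [], None, None
    for line in nmap_text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, rec = f"{m.group(1)}/{m.group(2)}", None
        elif line.startswith("| http-coldfusion-subzero:"):
            rec = {"port": port, "fields": {}, "properties": {}}
            records.append(rec)
        elif rec is not None and line.startswith("|"):
            f, p = FIELD_RE.match(line), PROP_RE.match(line)
            if f:
                rec["fields"][f.group(1)] = f.group(2)
            elif p:
                rec["properties"][p.group(1)] = p.group(2)
            if line.startswith("|_"):
                rec = None  # "|_" marks the last line of a script block
        else:
            rec = None  # any non-script line ends the block
    return records

def triage(rec):
    """Turn a parsed record into findings for a remediation ticket."""
    props, notes = rec["properties"], []
    if "absolute_path" in rec["fields"]:
        notes.append("install path disclosed")
    if props.get("password"):
        notes.append("admin password value exposed")
    if props and props.get("encrypted", "").lower() != "true":
        notes.append("password.properties reports encrypted != true")
    return notes
```

Feed it the contents of a file written with Nmap's -oN option; any record returned means the host answered the script's requests and should be treated as affected.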

Requires


Author: Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See http://nmap.org/book/man-legal.html
