Script http-adobe-coldfusion-apsa1301

Script types: portrule
Categories: exploit, vuln
Download: https://svn.nmap.org/nmap/scripts/http-adobe-coldfusion-apsa1301.nse

Script Summary

Attempts to exploit an authentication bypass vulnerability in Adobe Coldfusion servers to retrieve a valid administrator's session cookie.

Reference:

• APSA13-01: http://www.adobe.com/support/security/advisories/apsa13-01.html

See also:

• http-coldfusion-subzero.nse
• http-vuln-cve2009-3960.nse
• http-vuln-cve2010-2861.nse

Script Arguments

http-adobe-coldfusion-apsa1301.basepath

URI path to administrator.cfc. Default: /CFIDE/adminapi/

slaxml.debug

See the documentation for the slaxml library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

Example Usage

• nmap -sV --script http-adobe-coldfusion-apsa1301 <target>

• nmap -p80 --script http-adobe-coldfusion-apsa1301 --script-args basepath=/cf/adminapi/ <target>
  

Script Output

PORT   STATE SERVICE
80/tcp open  http
| http-adobe-coldfusion-apsa1301:
|_  admin_cookie: aW50ZXJhY3RpdmUNQUEyNTFGRDU2NzM1OEYxNkI3REUzRjNCMjJERTgxOTNBNzUxN0NEMA1jZmFkbWlu

Requires

• http
• shortport
• stdnse
• url

---

Author:

• Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See https://nmap.org/book/man-legal.html