Script http-adobe-coldfusion-apsa1301

Script types: portrule
Categories: exploit, vuln
Download: https://svn.nmap.org/nmap/scripts/http-adobe-coldfusion-apsa1301.nse

Script Summary

Attempts to exploit an authentication bypass vulnerability in Adobe Coldfusion servers to retrieve a valid administrator's session cookie.

Reference:

See also:

Script Arguments

http-adobe-coldfusion-apsa1301.basepath

URI path to administrator.cfc. Default: /CFIDE/adminapi/

slaxml.debug

See the documentation for the slaxml library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

Example Usage

  • nmap -sV --script http-adobe-coldfusion-apsa1301 <target>
  • nmap -p80 --script http-adobe-coldfusion-apsa1301 --script-args basepath=/cf/adminapi/ <target>
    

Script Output

PORT   STATE SERVICE
80/tcp open  http
| http-adobe-coldfusion-apsa1301:
|_  admin_cookie: aW50ZXJhY3RpdmUNQUEyNTFGRDU2NzM1OEYxNkI3REUzRjNCMjJERTgxOTNBNzUxN0NEMA1jZmFkbWlu

Requires


Author:

  • Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See https://nmap.org/book/man-legal.html