http-vuln-cve2010-2861
脚本使用类型:
portrule
脚本所属分类:
intrusive, vuln
脚本下载地址: http://nmap.org/svn/scripts/http-vuln-cve2010-2861.nse
Executes a directory traversal attack against a ColdFusion server and tries to grab the password hash for the administrator user. It then uses the salt value (hidden in the web page) to create the SHA1 HMAC hash that the web server needs for authentication as admin. You can pass this value to the ColdFusion server as the admin without cracking the password hash.
执行格式
nmap --script http-vuln-cve2010-2861 <host>
80/tcp open http | http-vuln-cve2010-2861: | VULNERABLE: | Adobe ColdFusion enter.cfm Traversal password.properties Information Disclosure | State: VULNERABLE | IDs: CVE:CVE-2010-2861 OSVDB:67047 | Description: | Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion | 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter | Disclosure date: 2010-08-10 | Extra information: | | ColdFusion8 | HMAC: d6914bef568f8931d0c696cd5f7748596f97db5d | Salt: 1329446896585 | Hash: 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8 | | References: | http://www.blackhatacademy.org/security101/Cold_Fusion_Hacking | http://www.nessus.org/plugins/index.php?view=single&id=48340 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2861 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2861 |_ http://osvdb.org/67047 This script relies on the service being identified as HTTP or HTTPS. If the ColdFusion server you run this against is on a port other than 80/tcp or 443/tcp then use "nmap -sV" so that nmap discovers the port as an HTTP server.
Author: Micah Hoffman
License: VER007 整理 http://www.ver007.com