1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# http://www.morningstarsecurity.com/research/whatweb
##
# Version 0.3 # 2012-02-05 #
# Added header match. Updated matches. Updated version detection.
##
# Version 0.2 # 2011-04-25 #
# Added cookie matches
##
Plugin.define "ColdFusion" do
author "Brendan Coles <bcoles@gmail.com>" # 2010-08-15
version "0.3"
description "Adobe ColdFusion application server and software enables developers to rapidly build, deploy, and maintain robust Internet applications for the enterprise. - homepage: http://www.adobe.com/products/coldfusion/"
# ShodanHQ results as at 2012-02-05 #
# 6,536 for page-completion-status
# 529 for page-completion-status Abnormal
# Google results as at 2011-04-25 #
# 30 for intitle:"ColdFusion Administrator Login"
# 72 for intitle:"Login / Admin Area" ext:cfm
# Dorks #
dorks [
'intitle:"ColdFusion Administrator Login"'
]
# Examples #
examples %w|
asb.co.uk
online.ctcd.edu/cfadmin/datasources/
pegismap.penang.gov.my/PENANG/CFIDE/administrator/index.cfm
sfsa.tiktak.ch/index.cfm
testing.ctc-disted.net/cfadmin/
www.104boss.com.tw/alliance/CFIDE/administrator/index.cfm
www.aarc.org/CFIDE_old1/administrator/index.cfm
www.aarc.org/CFIDE/administrator/index.cfm
www.frrp.org.uk
www.gordonresponse.dpc.wa.gov.au
www.koopa-adv.de
mawsonlakeseyespecialists.com
trainingroom.microassist.com/trainingroom/
216.119.105.39
62.197.33.6
64.224.49.56
208.71.18.247
98.131.153.24
65.163.101.132
216.197.120.137
207.36.90.226
12.42.70.81
|
# Matches #
matches [
# Admin Page # Title
{ :text=>' <title>ColdFusion Administrator Login</title>' },
# Admin Page # Meta Author
{ :regexp=>/<meta name="Author" content="Copyright (\(c\)\ )?[0-9]{4}-[0-9]{4} Macromedia( Corp|, Inc)\. All rights reserved\.">/ },
# Admin Page # JavaScript
{ :text=>" { document.write(\"<link rel='STYLESHEET' type='text/css' href='./cfadmin_ns.css'>\");}" },
# Admin Page # Form
{ :text=>'<form name="loginform" action="./enter.cfm" method="POST" onSubmit="cfadminPassword.value = hex_hmac_sha1(salt.value, hex_sha1(cfadminPassword.value));" >' },
# Admin Page # input name="cfadminPassword"
{ :text=>'<input name="cfadminPassword" type="Password" size="15" style="width:15em;" class="label" maxlength="100" id="admin_login">' },
# Admin Page # Copyright text
{ :text=>' Macromedia, the Macromedia logo, Macromedia ColdFusion and ColdFusion are<br />' },
# Admin Page # Logo HTML
{ :text=>' <tr><td><img src="./images/mx_copyrframe.gif" width="2" height="57" border="0" alt="ColdFusion MX" hspace="10"></td>' },
# /CFIDE/administrator/images/loginbackground.jpg # Version 9.x
{ :url=>'/CFIDE/administrator/images/loginbackground.jpg', :md5=>"596b3fc4f1a0b818979db1cf94a82220", :version=>"9.x" },
# /CFIDE/administrator/images/AdminColdFusionLogo.gif # Version 7.x
{ :url=>"/CFIDE/administrator/images/AdminColdFusionLogo.gif", :md5=>"620b2523e4680bf031ee4b1538733349", :version=>"7.x" },
# page-completion-status Header
{ :search=>"headers[page-completion-status]", :certainty=>75, :regexp=>/(Abnormal|Normal)/ },
# Set-Cookie # /CFAUTHORIZATION_cfadmin=/
{ :search=>"headers[set-cookie]", :regexp=>/CFAUTHORIZATION_cfadmin=/ },
]
# Passive #
def passive
m=[]
# CFID and CFTOKEN cookie
if @headers["set-cookie"]=~ /CFID=/ and @headers["set-cookie"]=~ /CFTOKEN=/
m << { :name=>"CFID and CFTOKEN cookie" }
end
# Version detection using admin panel text
if @body =~ /Enter your RDS or Admin password below/
if @body =~ /Version:[\s]*([^<]+)<\/strong><br \/>/
m << { :version=>"#{$1}".gsub(/,/, ".") }
end
end
# Return passive matches
m
end
end
|
