
Commit 8ab90e6

committed
Adds a check for Cold Fusion 10
1 parent 9843dc4 commit 8ab90e6


1 file changed

+34
-2
lines changed


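--- a/modules/auxiliary/scanner/http/cold_fusion_version.rb
+++ b/modules/auxiliary/scanner/http/cold_fusion_version.rb
@@ -17,13 +17,40 @@ def initialize
 super(
 'Name' => 'ColdFusion Version Scanner',
 'Description' => %q{
-This module attempts identify various flavors of ColdFusion as well as the underlying OS
+This module attempts identify various flavors of ColdFusion such as version 9
+and 10, as well as the underlying OS.
 },
-'Author' => [ 'nebulus' ],
+'Author' =>
+[
+'nebulus', # Original
+'sinn3r' # Fingerprint() patch for Cold Fusion 10
+],
 'License' => MSF_LICENSE
 )
 end
 
+
+#
+# Checks loginbackground.jpg for Cold Fusion 10. This is a patch to be able to detect
+# Cold Fusion 10 correctly. We haven't been able to replace fingerprint(), because we
+# don't have all the MD5s for loginbackground.jpg, not to mention some versions don't
+# actually have it.
+#
+def cf10?
+res = send_request_cgi({
+'uri' => '/CFIDE/administrator/images/loginbackground.jpg',
+'method' => 'GET'
+})
+
+# Not the response we want at all, then let's assume it's not cf10
+return false if not res or res.code.to_i != 200
+
+jpg_md5 = Rex::Text.md5(res.body)
+return true if jpg_md5 == 'a4c81b7a6289b2fc9b36848fa0cae83c'
+
+false
+end
+
 def fingerprint(response)
 
 if(response.headers.has_key?('Server') )
@@ -47,13 +74,18 @@ def fingerprint(response)
 
 out = nil
 
+
+
 if(response.body =~ />\s*Version:\s*(.*)<\/strong\><br\s\//)
 v = $1
 out = (v =~ /^6/) ? "Adobe ColdFusion MX6 #{v}" : "Adobe ColdFusion MX7 #{v}"
 elsif(response.body =~ /<meta name=\"Author\" content=\"Copyright 1995\-2012 Adobe/ and response.body =~ /Administrator requires a browser that supports frames/ )
 out = "Adobe ColdFusion MX7"
 elsif(response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995\-2006 Adobe/)
 out = "Adobe ColdFusion 8"
+elsif cf10?
+# Must check for Cold Fusion 10 before 9 to avoid FP
+out = "Adobe ColdFusion 10"
 elsif(response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995\-2010 Adobe/ or
 response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995\-2009 Adobe Systems\, Inc\. All rights reserved/)
 out = "Adobe ColdFusion 9"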
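Review bot: `elsif cf10?` in `fingerprint` is evaluated for every response that missed the MX6/MX7/8 patterns, so the scanner issues a second GET for `loginbackground.jpg` even against hosts that show no ColdFusion markers at all. If, as the "before 9 to avoid FP" comment suggests, ColdFusion 10 pages also match the 1995-2010/2009 copyright patterns, the probe could live inside that branch instead: `out = cf10? ? "Adobe ColdFusion 10" : "Adobe ColdFusion 9"`. `cf10?` also rests on a single hard-coded MD5, so a version 10 install serving a different image is still reported as 9; a named frozen list (for example `CF10_LOGIN_BG_MD5S`) checked with `include?` would make adding hashes easier, and the header comment should state that fallback explicitly. The body of `fingerprint` starts and ends outside both hunks, so whether an exception raised by `send_request_cgi` is handled by the caller cannot be confirmed from here.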
