Land rapid7#1872, @wchen-r7's improvement of cold_fusion_version

jvazquez-r7 · jvazquez-r7 · commit a486fff9a4cf · 2013-05-28T16:35:45.000-05:00
diff --git a/modules/auxiliary/scanner/http/cold_fusion_version.rb b/modules/auxiliary/scanner/http/cold_fusion_version.rb
@@ -17,9 +17,14 @@ def initialize
 		super(
 			'Name'        => 'ColdFusion Version Scanner',
 			'Description' => %q{
-					This module attempts identify various flavors of ColdFusion as well as the underlying OS
+				This module attempts identify various flavors of ColdFusion up to version 10
+				as well as the underlying OS.
 			},
-			'Author'      => [ 'nebulus' ],
+			'Author'      =>
+				[
+					'nebulus',  # Original
+					'sinn3r'    # Fingerprint() patch for Cold Fusion 10
+				],
 			'License'     => MSF_LICENSE
 		)
 	end
@@ -30,7 +35,7 @@ def fingerprint(response)
 			if(response.headers['Server'] =~ /IIS/ or response.headers['Server'] =~ /\(Windows/)
 				os = "Windows (#{response.headers['Server']})"
 			elsif(response.headers['Server'] =~ /Apache\//)
-					os = "Unix (#{response.headers['Server']})"
+				os = "Unix (#{response.headers['Server']})"
 			else
 				os = response.headers['Server']
 			end
@@ -43,7 +48,8 @@ def fingerprint(response)
 			title = $1
 			title.gsub!(/\s/, '')
 		end
-		return nil  if( title == 'Not Found' or not title =~ /ColdFusionAdministrator/)
+
+		return nil if( title == 'Not Found' or not title =~ /ColdFusionAdministrator/)
 
 		out = nil
 
@@ -54,8 +60,12 @@ def fingerprint(response)
 			out = "Adobe ColdFusion MX7"
 		elsif(response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995\-2006 Adobe/)
 			out = "Adobe ColdFusion 8"
+		elsif(response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995\-2010 Adobe/ and
+			response.body =~ /1997\-2012 Adobe Systems Incorporated and its licensors/)
+			out = "Adobe ColdFusion 10"
 		elsif(response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995\-2010 Adobe/ or
-			response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995\-2009 Adobe Systems\, Inc\. All rights reserved/)
+			response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1995\-2009 Adobe Systems\, Inc\. All rights reserved/ or
+			response.body =~ /<meta name=\"Author\" content=\"Copyright \(c\) 1997\-2012 Adobe Systems\, Inc\. All rights reserved/)
 			out = "Adobe ColdFusion 9"
 		elsif(response.body =~ /<meta name=\"Keywords\" content=\"(.*)\">\s+<meta name/)
 			out = $1.split(/,/)[0]
@@ -76,8 +86,8 @@ def run_host(ip)
 		url = '/CFIDE/administrator/index.cfm'
 
 		res = send_request_cgi({
-				'uri' => url,
-				'method' => 'GET',
+			'uri' => url,
+			'method' => 'GET',
 		})
 
 		return if not res or not res.body or not res.code
