##########################################################################################
# Cold Fusion checks and Cold Fusion's directory checks scan rule for arirang
# included whisker's Cold Fusion Checks and David(A.K.A AnOnYmUs)'s information
#
# thanks rfp, David
#
# Cold Fusion scan uxe by pilot
#
#
#
# vendor homepage : http://www.allaire.com/support/index.cfm
##########################################################################################
#
# Rule layout, as the entries below read:
#   <expected status>-> <method> :<request path>^<label>;;
# In every rule in this file the label repeats the request path.
# The "#info" lines appear to annotate the rule immediately before them; they are
# kept exactly as written (presumably inherited from the whisker database - confirm
# whether arirang treats them as plain comments).
#
# Reading the results: a match only shows that the path answered with the listed
# status. It identifies content to review on the server; it does not by itself show
# that the page is usable in the way its #info note describes.
#
# Remediation for findings: most paths sit under /cfdocs/ (examples, exampleapp,
# snippets, expeval) or the administrator directory under /cfide/. Removing the
# documentation and example content from production servers and restricting access
# to the administrator pages addresses them; see the vendor advisories and RFP9901
# referenced in the #info notes.
#
# Detection: this fixed set of request paths is easy to recognise in web server
# access logs, so a burst of requests for them from one client indicates a scan.
#
# NOTE(review): Allaire was later acquired (Macromedia, then Adobe), so the vendor
# URL above is historical.

########## Cold Fusion checks ###################################

#directory check
# Directory probes, each expecting 403. Presumably a 403 is read as "directory
# exists but is not browsable" - TODO confirm against the scanner's matching logic.
403-> GET :/cfdocs/^/cfdocs/;;
403-> GET :/cfide/^/cfide/;;
403-> GET :/cfappman/^/cfappman/;;
403-> GET :/cfdocs/examples/^/cfdocs/examples/;;
403-> GET :/cfdocs/exampleapp/^/cfdocs/exampleapp/;;
403-> GET :/cfide/Administrator/^/cfide/Administrator/;;
403-> GET :/cfdocs/snippets/^/cfdocs/snippets/;;

# File probes, each expecting 200 OK.
200 OK-> GET :/cfdocs/expeval/openfile.cfm^/cfdocs/expeval/openfile.cfm;;
200 OK-> GET :/cfdocs/expeval/ExprCalc.cfm^/cfdocs/expeval/ExprCalc.cfm;;
200 OK-> GET :/cfdocs/expeval/displayopenedfile.cfm^/cfdocs/expeval/displayopenedfile.cfm;;
200 OK-> GET :/getFile.cfm^/getFile.cfm;;
200 OK-> GET :/cfide/administrator/index.cfm^/cfide/administrator/index.cfm;;
200 OK-> GET :/CFIDE/Administrator/startstop.html^/CFIDE/Administrator/startstop.html;;
200 OK-> GET :/page.cfm^/page.cfm;;
# NOTE(review): the file gives no #info for the next five names, and they are not
# under the examples/exampleapp/snippets/expeval directories - confirm what a hit
# on them is meant to indicate before reporting it.
200 OK-> GET :/cfdocs/zero.cfm^/cfdocs/zero.cfm;;
200 OK-> GET :/cfdocs/root.cfm^/cfdocs/root.cfm;;
200 OK-> GET :/cfdocs/expressions.cfm^/cfdocs/expressions.cfm;;
200 OK-> GET :/cfdocs/TOXIC.CFM^/cfdocs/TOXIC.CFM;;
200 OK-> GET :/cfdocs/MOLE.CFM^/cfdocs/MOLE.CFM;;
200 OK-> GET :/cfdocs/cfcache.map^/cfdocs/cfcache.map;;
# NOTE(review): the next rule repeats the previous one verbatim; one copy is enough.
200 OK-> GET :/cfdocs/cfcache.map^/cfdocs/cfcache.map;;
200 OK-> GET :/cfdocs/cfmlsyntaxcheck.cfm^/cfdocs/cfmlsyntaxcheck.cfm;;
#info can be used for a DoS on the server by requesting in check all .exe's
# NOTE(review): same page as the /CFIDE/Administrator/startstop.html rule above
# apart from letter case; presumably kept for case-sensitive servers - confirm.
200 OK-> GET :/cfide/Administrator/startstop.html^/cfide/Administrator/startstop.html;;
#info can start/stop the server...w00h00
200 OK-> GET :/cfdocs/snippets/evaluate.cfm^/cfdocs/snippets/evaluate.cfm;;
#info can enter CF code to be evaluated, or create denial of service
#info see www.allaire.com/security/ technical papers and advisories for info
200 OK-> GET :/cfdocs/snippets/fileexists.cfm^/cfdocs/snippets/fileexists.cfm;;
#info can be used to verify the existance of files (on the same drive
#info as the web tree/file)
200 OK-> GET :/cfdocs/snippets/gettempdirectory.cfm^/cfdocs/snippets/gettempdirectory.cfm;;
#info depending on install, creates files, gives you physical drive info
#info sometimes defaults to \winnt\ directory as temp directory
200 OK-> GET :/cfdocs/snippets/viewexample.cfm^/cfdocs/snippets/viewexample.cfm;;
#info this can be used to view .cfm files
#info request viewexample.cfm?Tagname=..\..\..\file (.cfm is assumed)
200 OK-> GET :/cfdocs/exampleapp/docs/sourcewindow.cfm^/cfdocs/exampleapp/docs/sourcewindow.cfm;;
#info allows to view any file
#info request sourcewindow.cfm?Template=c:\boot.ini
200 OK-> GET :/cfdocs/exampleapp/publish/admin/addcontent.cfm^/cfdocs/exampleapp/publish/admin/addcontent.cfm;;
200 OK-> GET :/cfdocs/exampleapp/email/getfile.cfm^/cfdocs/exampleapp/email/getfile.cfm;;
#info getfile.cfm?filename=c:\boot.ini
200 OK-> GET :/cfdocs/exampleapp/publish/admin/application.cfm^/cfdocs/exampleapp/publish/admin/application.cfm;;
200 OK-> GET :/cfdocs/exampleapp/email/application.cfm^/cfdocs/exampleapp/email/application.cfm;;
# NOTE(review): same path as the /cfdocs/expeval/ExprCalc.cfm rule above apart from
# letter case; presumably kept for case-sensitive servers - confirm.
200 OK-> GET :/cfdocs/expeval/exprcalc.cfm^/cfdocs/expeval/exprcalc.cfm;;
#info allows to view any file
#info request exprcalc.cfm?OpenFilePath=c:\boot.ini
200 OK-> GET :/cfdocs/expeval/sendmail.cfm^/cfdocs/expeval/sendmail.cfm;;
#info can be used to send email (duh); go to the page and fill in the form
200 OK-> GET :/cfdocs/examples/httpclient/mainframeset.cfm^/cfdocs/examples/httpclient/mainframeset.cfm;;
200 OK-> GET :/cfdocs/examples/cvbeans/beaninfo.cfm^/cfdocs/examples/cvbeans/beaninfo.cfm;;
#info see RFP9901
200 OK-> GET :/cfdocs/examples/parks/detail.cfm^/cfdocs/examples/parks/detail.cfm;;
#info see RFP9901
200 OK-> GET :/cfappman/index.cfm^/cfappman/index.cfm;;
#info see RFP9901
200 OK-> GET :/cgi-bin/dbmlparser.exe^/cgi-bin/dbmlparser.exe;;

############## End Cold Fusion checks #######################################################