Mailing List Archive

New Script
Hi everybody,

just wrote a plugin for a ColdFusion Debug Bug

You can try the script against this box:
http://www.pit-stop.de/index.cfm
http://www.pit-stop.de/index.cfm?Mode=debug


Regards,
Felix Huber


-------------------------------------------------------
Felix Huber, Security Consultant, Webtopia
Guendlinger Str.2, 79241 Ihringen - Germany
huberfelix@webtopia.de (07668) 951 156 (phone)
http://www.webtopia.de (07668) 951 157 (fax)
(01792) 205 724 (mobile)
-------------------------------------------------------
Re: New Script
Great,

I have tested a real site with ?Mode=debug. It works.

Can I suggest some modifications?

1/ replace
    if("CF_TEMPLATE_PATH" >< r)security_hole(port);
    close(soc);

by

    close(soc);
    if("CF_TEMPLATE_PATH" >< r)
    {
        security_hole(port);
        exit(0);
    }
So the vulnerability is notified just one time.

2/ change the order of dirs ("/" in first) ???
remove dir[7] = string(cgibin(), "/"); (no chance to find a cf page there)
Is it necessary to test all those URLs?

3/ add "httpver.nasl" in dependencies for virtual host request


Georges Dagousset




----- Original Message -----
From: "Felix Huber" <huberfelix@webtopia.de>
To: <plugins-writers@list.nessus.org>; "Renaud Deraison"
<deraison@cvs.nessus.org>
Sent: Wednesday, November 07, 2001 4:46 PM
Subject: New Script


-------------------------------------------------------
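The two suggestions in the message above (close the socket, report once and stop; try "/" first), sketched in Python as an added example that is not part of the thread or of the Nessus plugin. The directory list, the page bodies and `FakeConn` are constructed stand-ins so that it runs offline.

```python
MARKER = "CF_TEMPLATE_PATH"    # string the plugin greps for (from the thread)
DEBUG_QUERY = "?Mode=debug"    # query string used in the thread


class FakeConn:
    """Constructed stand-in for a socket to the web server (runs offline)."""
    open_count = 0             # connections currently left open

    def __init__(self, pages):
        self.pages = pages
        FakeConn.open_count += 1

    def get(self, url):
        return self.pages.get(url, "404 Not Found")

    def close(self):
        FakeConn.open_count -= 1


def order_dirs(dirs):
    """Put "/" first and drop duplicates; the other entries keep their order."""
    ordered = sorted(dirs, key=lambda d: d != "/")   # stable sort
    return list(dict.fromkeys(ordered))


def scan(dirs, pages, page="index.cfm"):
    """Return (urls_reported, requests_sent) for one host."""
    reported, sent = [], 0
    for d in order_dirs(dirs):
        url = d + page + DEBUG_QUERY
        conn = FakeConn(pages)
        body = conn.get(url)
        sent += 1
        conn.close()               # close before reporting, as suggested
        if MARKER in body:
            reported.append(url)   # security_hole(port) in the plugin
            break                  # exit(0): one report per host
    return reported, sent


# Constructed sample: debug output is exposed under two directories.
DEBUG_BODY = "<html>... CF_TEMPLATE_PATH=[constructed path] ...</html>"
SAMPLE_PAGES = {
    "/index.cfm?Mode=debug": DEBUG_BODY,
    "/app/index.cfm?Mode=debug": DEBUG_BODY,
}
SAMPLE_DIRS = ["/cgi-bin/", "/app/", "/", "/app/"]

if __name__ == "__main__":
    print(scan(SAMPLE_DIRS, SAMPLE_PAGES))
```

With "/" tried first the sample host is reported after a single request; without the early exit the same host would be reported twice.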
Re: New Script
> I have tested a real site with ?Mode=debug. It works.


> close(soc);
> if("CF_TEMPLATE_PATH" >< r)
> {
> security_hole(port);
> exit(0);
> }
> So the vulnerability is notified just one time.

good point

>
> 2/ change the order of dirs ("/" in first) ???
> remove dir[7] = string(cgibin(), "/"); (no chance to find a cf page there)
> Is it necessary to test all those URLs?

[7] should stay ... there is still a CGI version of ColdFusion

> 3/ add "httpver.nasl" in dependencies for virtual host request

done.

updated version is attached.


Regards,
Felix Huber


Re: New Script
minor typo - sorry

----- Original Message -----
From: "Felix Huber" <huberfelix@webtopia.de>
To: "Georges Dagousset" <georges.dagousset@alert4web.com>;
<plugins-writers@list.nessus.org>
Sent: Wednesday, November 07, 2001 6:28 PM
Subject: Re: New Script


> > I have tested a real site with ?Mode=debug. It works.
>
> ....