Adobe ColdFusion Unspecified Directory Traversal Vulnerability Scanner
The vulnerability is a variation of a classic directory traversal vulnerability, also referred to as arbitrary file retrieval.
Short Info
Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 sec
Scan only one: Domain, IPv4
Parent Category
Adobe ColdFusion Unspecified Directory Traversal Vulnerability Scanner Detail
The scanner executes a directory traversal attack against a ColdFusion server and tries to retrieve the password hash for the administrator user. It then uses the salt value (hidden in the web page) to create the SHA1 HMAC hash that the web server needs for authentication as admin. This value can be passed to the ColdFusion server to authenticate as the admin without cracking the password hash.