Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Adobe ColdFusion - Cross-Site Scripting

By kannthu

High
Vidoc logoVidoc Module
#adobe#coldfusion#xss
Description

Adobe ColdFusion - Cross-Site Scripting

What is the "Adobe ColdFusion - Cross-Site Scripting?"

The "Adobe ColdFusion - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in Adobe ColdFusion applications. This vulnerability can be exploited by attackers to execute arbitrary scripts on a remote host running the affected application. The severity of this vulnerability is classified as high.

This module was authored by dhiyaneshDK.

Impact

A successful exploitation of the cross-site scripting vulnerability in Adobe ColdFusion can lead to various consequences, including:

- Execution of arbitrary scripts on the affected host - Potential theft of sensitive information - Manipulation of user sessions - Defacement of web pages

How the module works?

The "Adobe ColdFusion - Cross-Site Scripting" module works by sending HTTP requests to specific paths in the target application. It then applies matching conditions to determine if the vulnerability is present. One example of a request path that is checked is "/CFIDE/debug/cf_debugFr.cfm?userPage=javascript:alert(1)".

The module uses the following matching conditions to identify the vulnerability:

- Check if the response body contains the string "<"cf_main_cf" src="javascript:alert(1)">" - Check if the response header contains the string "text/html" - Check if the response status code is 200

If all of these conditions are met, the module reports the presence of the cross-site scripting vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/CFIDE/debug/cf_debu.../cfusion/debug/cf_de...
Matching conditions
word: "cf_main_cf" src="javascript:alert(1)"and
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability