Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Adobe ColdFusion Detector

By kannthu

Informative
Vidoc logoVidoc Module
#adobe#coldfusion#tech
Description

What is the "Adobe ColdFusion Detector?"

The "Adobe ColdFusion Detector" module is designed to detect a running ColdFusion instance by identifying an error page. ColdFusion is a software development platform used for building web applications. This module focuses on identifying potential misconfigurations or vulnerabilities related to ColdFusion.

This module has an informative severity level, meaning it provides valuable information without indicating a critical security issue. It was authored by philippedelteil.

Impact

This module does not directly impact the target system. Instead, it helps identify potential issues or vulnerabilities related to the ColdFusion instance. By detecting the presence of ColdFusion and any associated error pages, it provides insights into the configuration and potential security risks.

How does the module work?

The "Adobe ColdFusion Detector" module utilizes HTTP request templates and matching conditions to identify a running ColdFusion instance. It sends a GET request to the target system, specifically targeting the "/_something_.cfm" path.

The module uses two matching conditions to determine if ColdFusion is present:

- The first condition checks the response body for the presence of the phrase "ColdFusion documentation". If this phrase is found, it indicates the presence of ColdFusion. - The second condition checks the response status code. If the status code is 404, it suggests that the "/_something_.cfm" path does not exist, further indicating the presence of ColdFusion.

By combining these matching conditions, the module can accurately detect a running ColdFusion instance.

For example, the module sends a GET request to "/_something_.cfm" and expects to find the phrase "ColdFusion documentation" in the response body. Additionally, it verifies that the response status code is 404.

For more information, you can refer to the original tweet by philippedelteil.

Metadata:

- max-request: 1

- verified: true

- shodan-query: http.component:"Adobe ColdFusion"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/_something_.cfm
Matching conditions
word: ColdFusion documentationand
status: 404
Passive global matcher
No matching conditions.
On match action
Report vulnerability