By kannthu
The "Adobe ColdFusion Detector" module is designed to detect the version number of ColdFusion instances based on their logos. ColdFusion is a software development platform used for building web applications. This module helps identify the specific version of ColdFusion being used, which can be useful for vulnerability assessment and ensuring proper configuration.
This module has an informative severity level, meaning it provides valuable information but does not directly indicate a vulnerability or misconfiguration.
Author: philippedelteil
This module does not have a direct impact on the target system. It is purely informational and helps in identifying the version of ColdFusion being used.
The "Adobe ColdFusion Detector" module uses HTTP request templates to interact with the target system. It sends GET requests to specific paths that correspond to ColdFusion logos. By analyzing the response, the module matches the content against predefined conditions to determine the version of ColdFusion.
For example, the module checks if the response body's MD5 hash matches specific values associated with different ColdFusion versions. If a match is found, the module identifies the corresponding version.
Matching conditions:
- status_code==200 && ("da07693b70ddbac5bc0d8bf98d4a3539" == md5(body))
  - ColdFusion 8
- status_code==200 && ("c0757351b00f7ecf35a035c976068d12" == md5(body))
  - ColdFusion 9
- status_code==200 && ("a4c81b7a6289b2fc9b36848fa0cae83c" == md5(body))
  - ColdFusion 10
- status_code==200 && ("7f024de9f480481ca03049e0d66679d6" == md5(body))
  - ColdFusion 11
- status_code==200 && ("f1281b6866aef66e35dc36fe4f0bf990" == md5(body))
  - ColdFusion 2016
- status_code==200 && ("a88530d7f1980412dac076de732a4e86" == md5(body))
  - ColdFusion 2021
- status_code==200 && ("92ef6ee3c4d1700e3cca797b19d3e7ba" == md5(body))
  - ColdFusion 2018
- status_code==200 && ("cb594e69af5ba15bca453f76aca53615" == md5(body))
  - ColdFusion MX 7
Note: The module performs these checks in an "and" condition, meaning all conditions within a matcher (the 200 status code and the MD5 hash of the response body) must be met for a successful match.
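The matching logic described above can be reproduced offline against responses captured from your own hosts. This is an added example, not the module's own code: the function names, the regular expression and the stand-in logo bytes are assumptions made for illustration, and only the two hash conditions marked as such come from this page.

```python
import hashlib
import re

# Shape of the conditions listed on this page:
#   status_code==200 && ("<md5 hex>" == md5(body))
CONDITION_RE = re.compile(
    r'^\s*status_code\s*==\s*(\d{3})\s*&&\s*'
    r'\(\s*"([0-9a-f]{32})"\s*==\s*md5\(body\)\s*\)\s*$'
)

def parse_condition(text):
    """Return (expected_status, expected_md5); raise ValueError on any other shape."""
    m = CONDITION_RE.match(text)
    if m is None:
        raise ValueError(f"unsupported condition: {text!r}")
    return int(m.group(1)), m.group(2)

def evaluate(matchers, status_code, body):
    """matchers is a list of (condition_text, version_label) pairs.
    Both halves of a condition must hold; the first matching label is returned."""
    digest = hashlib.md5(body).hexdigest()
    for text, label in matchers:
        want_status, want_md5 = parse_condition(text)
        if status_code == want_status and digest == want_md5:
            return label
    return None

# Two of the conditions listed on this page.
PAGE_MATCHERS = [
    ('status_code==200 && ("da07693b70ddbac5bc0d8bf98d4a3539" == md5(body))', "ColdFusion 8"),
    ('status_code==200 && ("a88530d7f1980412dac076de732a4e86" == md5(body))', "ColdFusion 2021"),
]

# Constructed sample: stand-in logo bytes and a matcher built from their MD5.
SAMPLE_LOGO = b"GIF89a constructed stand-in for a logo file"
SAMPLE_MATCHERS = PAGE_MATCHERS + [(
    f'status_code==200 && ("{hashlib.md5(SAMPLE_LOGO).hexdigest()}" == md5(body))',
    "constructed-sample",
)]

if __name__ == "__main__":
    print(evaluate(SAMPLE_MATCHERS, 200, SAMPLE_LOGO))          # exact bytes, status 200
    print(evaluate(SAMPLE_MATCHERS, 404, SAMPLE_LOGO))          # hash matches, status does not
    print(evaluate(SAMPLE_MATCHERS, 200, SAMPLE_LOGO + b"\n"))  # one extra byte changes the MD5
```

Because the comparison is an exact MD5 of the response body, a logo file that has been replaced or altered in any way no longer matches any version.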