Discover Cold Fusion cfcache.map Files

By kannthu

Low
Vidoc Module
#exposure #coldfusion #adobe #files
Description

What is "Discover Cold Fusion cfcache.map Files"?

The "Discover Cold Fusion cfcache.map Files" module is designed to detect the presence of cfcache.map files in ColdFusion applications. ColdFusion is a rapid web application development platform developed by Adobe. This module focuses on identifying potential misconfigurations in the cfcache.map files, which can expose sensitive information and potentially lead to security vulnerabilities.

This module has a severity level of low, indicating that the identified issues may have limited impact on the security of the application.

Impact

If the cfcache.map files are exposed, an attacker may gain insights into the internal structure and configuration of the ColdFusion application. This information can be used to identify potential vulnerabilities or aid in further attacks.

How does the module work?

The "Discover Cold Fusion cfcache.map Files" module sends a GET request to the "/cfcache.map" path of the target application. It then applies two matching conditions to determine if the cfcache.map file is exposed:

    - The module checks if the response body contains the words "Mapping=" and "SourceTimeStamp=". These words indicate the presence of the cfcache.map file.
    - The module verifies that the response status code is 200, indicating a successful request.

If both conditions are met, the module reports a potential vulnerability, indicating that the cfcache.map file is accessible and may need further investigation.
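The same two matchers can be run against hosts you administer. The following is an added example, not Vidoc's own code: `evaluate`, `probe`, `run_samples`, the 64 KiB read cap and the sample responses are assumptions made for illustration, and the samples are constructed rather than captured from a server.

```python
import urllib.error
import urllib.request

PROBE_PATH = "/cfcache.map"                         # path the module requests
REQUIRED_WORDS = ("Mapping=", "SourceTimeStamp=")   # word matcher, "and" condition


def evaluate(status, body):
    """Return (exposed, reasons): both matchers must pass for a finding."""
    reasons = []
    if status != 200:
        reasons.append(f"status {status} != 200")
    reasons += [f"missing word {w!r}" for w in REQUIRED_WORDS if w not in body]
    return (not reasons, reasons)


def probe(base_url, timeout=10.0):
    """Request /cfcache.map from a host you administer and evaluate the response."""
    url = base_url.rstrip("/") + PROBE_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            # Assumption: the first 64 KiB is enough to see both words.
            return evaluate(resp.status, resp.read(65536).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:           # 4xx/5xx: status matcher fails
        return evaluate(err.code, "")
    except (urllib.error.URLError, OSError) as err:
        return (False, [f"request failed: {err}"])


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "exposed": (200, "[index.cfm]\nMapping=C:\\cache\\a1.tmp\nSourceTimeStamp=01/01/2020 10:00:00\n"),
    "soft_404": (200, "<html><body>Page not found</body></html>"),
    "one_word": (200, "Mapping=C:\\cache\\a1.tmp\n"),
    "forbidden": (403, "Mapping=x\nSourceTimeStamp=y\n"),
}


def run_samples():
    """Evaluate every constructed sample; returns {name: exposed}."""
    return {name: evaluate(*resp)[0] for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, evaluate(*resp))
```

The `soft_404` and `one_word` samples show why the word matcher uses the "and" condition: a custom error page served with status 200, or a body with only one of the two words, is not reported.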

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /cfcache.map
Matching conditions
word: Mapping=, SourceTimeStamp= (condition: and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability