Adobe ColdFusion Unspecified Directory Traversal Vulnerability Scanner

The vulnerability is a variation of a classic directory traversal vulnerability, also referred to as arbitrary file retrieval.

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 30 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

The scanner executes a directory traversal attack against a ColdFusion server and tries to retrieve the password hash for the administrator user. It then uses the salt value (hidden in the web page) to create the SHA1 HMAC hash that the web server needs for authentication as admin. This value can be passed to the ColdFusion server to authenticate as the admin without cracking the password hash.
