Great,
I have tested a real site with ?Mode=debug. It works.
Can I suggest you some modification?
1/ replace
if("CF_TEMPLATE_PATH" >< r)security_hole(port);
close(soc);
by
close(soc);
if("CF_TEMPLATE_PATH" >< r)
{
security_hole(port);
exit(0);
}
So the vulnerability is notified just one time.
2/ change the order of dirs ("/" in first) ???
remove dir[7] = string(cgibin(), "/"); (no change to find a cf page there)
is it necessary to test all those url ?
3/ add "httpver.nasl" in depedencies for virtual host request
Georges Dagousset
----- Original Message -----
From: "Felix Huber" <huberfelixat_private>
To: <plugins-writersat_private>; "Renaud Deraison"
<deraisonat_private>
Sent: Wednesday, November 07, 2001 4:46 PM
Subject: New Script
Hi everybody,
just wrote a plugin for a ColdFusion Debug Bug
You can try the script against this box:
http://www.pit-stop.de/index.cfm
http://www.pit-stop.de/index.cfm?Mode=debug
Regards,
Felix Huber
-------------------------------------------------------
Felix Huber, Security Consultant, Webtopia
Guendlinger Str.2, 79241 Ihringen - Germany
huberfelixat_private (07668) 951 156 (phone)
http://www.webtopia.de (07668) 951 157 (fax)
(01792) 205 724 (mobile)
-------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Nov 07 2001 - 08:41:49 PST