Wednesday, September 11, 2013

Pentesting of coldfusion web-application.

ColdFusion is a commercial rapid web application development platform.
CFML = ColdFusion Markup Language

ColdFusion = Adobe’s product that handles CFML page/libs
– Runs on Windows, Solaris, HP/UX and Linux
– Apache, IIS, Jrun
  
Following modules are Available in metasploit for coldfusion.

msf > search coldfusion

auxiliary/gather/coldfusion_pwd_props             
auxiliary/scanner/coldfusion_rds_check                                         
auxiliary/scanner/http/cold_fusion_version                             
auxiliary/scanner/http/coldfusion_locale_traversal                 
exploit/windows/http/coldfusion_fckeditor     


Following documents are available for pentesting of coldfusion web-application

ColdFusion for Penetration Testers


ColdFusion Web Shell

If you have good document available for pentesting of coldfusion web-application ; please let me know. We will add it.

No comments:

Post a Comment