Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nmapPaulino Calderon <[email protected]>NMAP:HTTP-CAKEPHP-VERSION.NSE
HistoryMay 20, 2011 - 9:25 a.m.

http-cakephp-version NSE Script

2011-05-2009:25:22
Paulino Calderon <[email protected]>
nmap.org
212

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Obtains the CakePHP version of a web application built with the CakePHP framework by fingerprinting default files shipped with the CakePHP framework.

This script queries the files ‘vendors.php’, ‘cake.generic.css’, ‘cake.icon.png’ and ‘cake.icon.gif’ to try to obtain the version of the CakePHP installation.

Since installations that had been upgraded are prone to false positives due to old files that aren’t removed, the script displays 3 different versions:

  • Codebase: Taken from the existence of vendors.php (1.1.x or 1.2.x if it does and 1.3.x otherwise)
  • Stylesheet: Taken from cake.generic.css
  • Icon: Taken from cake.icon.gif or cake.icon.png

For more information about CakePHP visit: <http://www.cakephp.org/&gt;.

Script Arguments

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80,443 --script http-cakephp-version &lt;host/ip&gt;

Script Output

PORT   STATE SERVICE
80/tcp open  http
| http-cakephp-version: Version of codebase: 1.2.x
| Version of icons: 1.2.x
| Version of stylesheet: 1.2.6

Requires

description = [[
Obtains the CakePHP version of a web application built with the CakePHP
framework by fingerprinting default files shipped with the CakePHP framework.

This script queries the files 'vendors.php', 'cake.generic.css',
'cake.icon.png' and 'cake.icon.gif' to try to obtain the version of the CakePHP
installation.

Since installations that had been upgraded are prone to false positives due to
old files that aren't removed, the script displays 3 different versions:
* Codebase: Taken from the existence of vendors.php (1.1.x or 1.2.x if it does and 1.3.x otherwise)
* Stylesheet: Taken from cake.generic.css
* Icon: Taken from cake.icon.gif or cake.icon.png

For more information about CakePHP visit: http://www.cakephp.org/.
]]

---
-- @usage
-- nmap -p80,443 --script http-cakephp-version <host/ip>
--
-- @output
-- PORT   STATE SERVICE
-- 80/tcp open  http
-- | http-cakephp-version: Version of codebase: 1.2.x
-- | Version of icons: 1.2.x
-- | Version of stylesheet: 1.2.6

author = "Paulino Calderon <[email protected]>"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery","safe"}

local http = require "http"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"

local openssl = stdnse.silent_require "openssl"

portrule = shortport.http

-- Queries for fingerprinting
local PNG_ICON_QUERY = "/img/cake.icon.png"
local GIF_ICON_QUERY = "/img/cake.icon.gif"
local STYLESHEET_QUERY = "/css/cake.generic.css"
local VENDORS_QUERY = "/js/vendors.php"

-- Cakephp's stylesheets hashes
local CAKEPHP_STYLESHEET_HASHES = {
  ["aaf0340c16415585554a7aefde2778c4"] = {"1.1.12"},
  ["8f8a877d924aa26ccd66c84ff8f8c8fe"] = {"1.1.14"},
  ["02a661c167affd9deda2a45f4341297e"] = {"1.1.17", "1.1.20"},
  ["1776a7c1b3255b07c6b9f43b9f50f05e"] = {"1.2.0 - 1.2.5", "1.3.0 Alpha"},
  ["1ffc970c5eae684bebc0e0133c4e1f01"] = {"1.2.6"},
  ["2e7f5372931a7f6f86786e95871ac947"] = {"1.2.7 - 1.2.9"},
  ["3422eded2fcceb3c89cabb5156b5d4e2"] = {"1.3.0 beta"},
  ["3c31e4674f42a49108b5300f8e73be26"] = {"1.3.0 RC1 - 1.3.7"}
}

action = function(host, port)
  local response, png_icon_response, gif_icon_response
  local icon_versions, stylesheet_versions
  local icon_hash, stylesheet_hash
  local output_lines
  local installation_version

  -- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
  local status_404, result_404, _ = http.identify_404(host,port)
  if ( status_404 and result_404 == 200 ) then
    stdnse.debug1("Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", host.ip, port.number)
    return nil
  end

  -- Are the default icons there?
  png_icon_response = http.get(host, port, PNG_ICON_QUERY,{redirect_ok=false})
  gif_icon_response = http.get(host, port, GIF_ICON_QUERY,{redirect_ok=false})
  if png_icon_response.body and png_icon_response.status == 200 then
    icon_versions = {"1.3.x"}
  elseif gif_icon_response.body and gif_icon_response.status == 200 then
    icon_versions = {"1.2.x"}
  end

  -- Download cake.generic.css and fingerprint
  response = http.get(host, port, STYLESHEET_QUERY,{redirect_ok=false})
  if response.body and response.status == 200 then
    stylesheet_hash = stdnse.tohex(openssl.md5(response.body))
    stylesheet_versions = CAKEPHP_STYLESHEET_HASHES[stylesheet_hash]
  end
  -- Is /js/vendors.php there?
  response = http.get(host, port, VENDORS_QUERY,{redirect_ok=false})
  if response.body and response.status == 200 then
    installation_version = {"1.1.x","1.2.x"}
  elseif response.status ~= 200 and (icon_versions or stylesheet_versions) then
    installation_version = {"1.3.x"}
  end
  -- Prepare output
  output_lines = {}
  if installation_version then
    output_lines[#output_lines + 1] = "Version of codebase: " .. table.concat(installation_version, ", ")
  end
  if icon_versions then
    output_lines[#output_lines + 1] = "Version of icons: " .. table.concat(icon_versions, ", ")
  end
  if stylesheet_versions then
    output_lines[#output_lines + 1] = "Version of stylesheet: " .. table.concat(stylesheet_versions, ", ")
  elseif stylesheet_hash and nmap.verbosity() >= 2 then
    output_lines[#output_lines + 1] = "Default stylesheet has an unknown hash: " .. stylesheet_hash
  end
  if #output_lines > 0 then
    return table.concat(output_lines, "\n")
  end
end

Related

nmap 200
nmap
nmap
daytime NSE Script
2008-11-06 02:52:59
nessus-brute NSE Script
2011-10-26 21:45:33
ipv6-multicast-mld-list NSE Script
2015-12-19 15:50:08

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON
Related for NMAP:HTTP-CAKEPHP-VERSION.NSE
nmap200