9 matches found
Adobe ColdFusion <=8.0 - Directory Traversal Vulnerability (CVE-2010-2861)
Adobe ColdFusion =8.0 http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en server替换成目标网站即可 Update:2017-04-28 This blog was written by Scott White, Senior Principal Security Consultant, Web Application Team Lead – TrustedSec TL;D...
COLDFUSION(CVE-2 0 1 0-2 8 6 1) the local contains a the use of method-vulnerability warning-the black bar safety net
Recently saw foreigner an article said that the CVE-2 0 1 0-2 8 6 1 This use of the method, only seen by reading the password. properties in the password field, to crack the SHA-1 value of the login background, or by passing a hash of the landing back, haven't seen can directly get the SHELL. In...
http-vuln-cve2010-2861 NSE Script
Executes a directory traversal attack against a ColdFusion server and tries to grab the password hash for the administrator user. It then uses the salt value hidden in the web page to create the SHA1 HMAC hash that the web server needs for authentication as admin. You can pass this value to the...
Adobe ColdFusion - Directory Traversal
Exploit for windows platform in category remote exploits $Id: coldfusiontraversal.rb 11974 2011-03-16 01:38:16Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...
Adobe ColdFusion - Directory Traversal
$Id: coldfusiontraversal.rb 11986 2011-03-16 10:15:54Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Adobe ColdFusion - Directory Traversal
Adobe ColdFusion - Directory Traversal Working GET request courtesy of carnal0wnage: http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en LLsecurity added another admin page filename: "/CFIDE/administrator/enter.cfm"...
Adobe ColdFusion - Directory Traversal
Working GET request courtesy of carnal0wnage: http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en LLsecurity added another admin page filename: "/CFIDE/administrator/enter.cfm" !/usr/bin/python CVE-2010-2861 - Adobe ColdFusion...
CVE-2010-2861
creationtimestamp| type| source ---|---|--- 2010-08-14 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/14641 2011-03-16 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16985 2018-05-29 15:50:33+00:00| seen|...
Immunity Canvas: CF_DIRECTORY_TRAVERSAL
Name| CFdirectorytraversal ---|--- CVE| CVE-2010-2861 Exploit Pack| CANVAS Description| ColdFusion Directory Traversal Notes| CVE Name: CVE-2010-2861 VENDOR: http://www.adobe.com Things to consider: 1 - A remote file i-test10-1.cfm will be left in the webroot as well as the CANVAS callback trojan...