9 matches found
CVE-2014-5468
CVE-2014-5468 is a Railo Remote File Include vulnerability affecting Railo 4.2.1 and earlier. A specially crafted request to thumbnail.cfm can cause the server to include a malicious PNG, enabling an attacker to download arbitrary PNGs and, via directory traversal, append ColdFusion markup to the...
CVE-2014-5468
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code...
clusterd - Application Server Attack Toolkit
clusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. See the wiki for more information. Requiremen...
Railo Remote File Include (CVE-2014-5468)
This module exploits a remote file include vulnerability in Railo. A vulnerability in thumbnail.cfm allows an attacker to download an arbitrary PNG file, and by taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the...
Railo Remote File Include
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
Railo 4.2.1 - Remote File Inclusion (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Railo Remote File Include', 'Description' = ' This module exploits a remote file include vulnerability in Railo, tested against versi...
Railo 4.2.1 Remote File Inclusion
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Railo Remote File Include', 'Description' = ' This module exploits a remote file include vulnerability in Railo, tested against versi...
Railo 4.2.1 Remote File Inclusion Exploit
This Metasploit module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable cffile line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an...
Railo Remote File Include
This module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an attacker can append...