ColdFusion

Enumeration

ColdFusion can be identified through port scanning, file extensions (".cfm" or ".cfc"), HTTP headers ("Server: ColdFusion" or "X-Powered-By: ColdFusion"), error messages, and default files ("admin.cfm" or "CFIDE/administrator/index.cfm").

nmap -p- -sC -Pn 10.129.247.30 --open
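The default admin paths listed above are also what a defender can watch for in web server logs. The following is an added example, not part of the original notes: it scans access-log lines for requests to those paths and marks the ones the server actually answered. The log format (combined log format), the sample lines and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format); not from the page.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /admin.cfm HTTP/1.1" 404 312 "-" "curl/8.0"
198.51.100.9 - - [12/Mar/2024:10:05:40 +0000] "GET /index.cfm?page=home HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:07:11 +0000] "GET /cfide/Administrator/enter.cfm HTTP/1.1" 403 199 "-" "Mozilla/5.0"
not a log line
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Default admin locations named in the enumeration notes. Matched
# case-insensitively so case variants of the path are still caught.
ADMIN_RE = re.compile(r'^/(cfide/administrator(/|$)|admin\.cfm$)', re.IGNORECASE)


def find_admin_probes(log_text):
    """Return {client_ip: [(path, status, exposed), ...]} for admin-path requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-matching lines
        ip, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if ADMIN_RE.match(path):
            # A 2xx/3xx answer means the console is reachable from that client.
            exposed = status[0] in "23"
            hits[ip].append((path, int(status), exposed))
    return dict(hits)


def exposed_paths(hits):
    """Admin paths that were served rather than blocked or missing."""
    return sorted({p for entries in hits.values() for p, _s, e in entries if e})


if __name__ == "__main__":
    found = find_admin_probes(SAMPLE_LOG)
    for ip, entries in found.items():
        print(ip, entries)
    print("reachable admin paths:", exposed_paths(found))
```

Any path returned by `exposed_paths` is an administrator endpoint reachable from the logged client and a candidate for restriction at the web server or firewall.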

Attacks

searchsploit adobe coldfusion
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
 Exploit Title                                                                                                                                                                |  Path
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Adobe ColdFusion - 'probe.cfm' Cross-Site Scripting                                                                                                                           | cfm/webapps/36067.txt
Adobe ColdFusion - Directory Traversal                                                                                                                                        | multiple/remote/14641.py
Adobe ColdFusion - Directory Traversal (Metasploit)                                                                                                                           | multiple/remote/16985.rb
Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)                                                                                            | windows/remote/50781.txt
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution                                                                                   | windows/remote/43993.py
Adobe ColdFusion 2018 - Arbitrary File Upload                                                                                                                                 | multiple/webapps/45979.txt
Adobe ColdFusion 2023.6 - Remote File Read                                                                                                                                    | multiple/webapps/52387.py
Adobe ColdFusion 6/7 - User_Agent Error Page Cross-Site Scripting                                                                                                             | cfm/webapps/29567.txt
Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities                                                                                                            | cfm/webapps/36172.txt
Adobe ColdFusion 8 - Remote Command Execution (RCE)                                                                                                                           | cfm/webapps/50057.py
Adobe ColdFusion 9 - Administrative Authentication Bypass                                                                                                                     | windows/webapps/27755.txt
Adobe ColdFusion 9 - Administrative Authentication Bypass (Metasploit)                                                                                                        | multiple/remote/30210.rb
Adobe ColdFusion < 11 Update 10 - XML External Entity Injection                                                                                                               | multiple/webapps/40346.py
Adobe ColdFusion APSB13-03 - Remote Multiple Vulnerabilities (Metasploit)                                                                                                     | multiple/remote/24946.rb
Adobe ColdFusion Server 8.0.1 - '/administrator/enter.cfm' Query String Cross-Site Scripting                                                                                  | cfm/webapps/33170.txt
Adobe ColdFusion Server 8.0.1 - '/wizards/common/_authenticatewizarduser.cfm' Query String Cross-Site Scripting                                                               | cfm/webapps/33167.txt
Adobe ColdFusion Server 8.0.1 - '/wizards/common/_logintowizard.cfm' Query String Cross-Site Scripting                                                                        | cfm/webapps/33169.txt
Adobe ColdFusion Server 8.0.1 - 'administrator/logviewer/searchlog.cfm?startRow' Cross-Site Scripting                                                                         | cfm/webapps/33168.txt
Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read                                                                                  | multiple/webapps/51875.py
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Shellcodes: No Results
