From 06bd1e2bc24141e29d95e7323b40a2a6c7dec703 Mon Sep 17 00:00:00 2001
From: Goby <50955360+gobysec@users.noreply.github.com>
Date: Tue, 5 Sep 2023 12:50:03 +0800
Subject: [PATCH] Update GobyVuls-Document.md

---
 GobyVuls-Document.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/GobyVuls-Document.md b/GobyVuls-Document.md
index a06a1cd..73a0eac 100644
--- a/GobyVuls-Document.md
+++ b/GobyVuls-Document.md
@@ -3,6 +3,31 @@ The following content is an updated vulnerability from Goby. Some of the vulnera
 
 **Updated document date: Jul 28, 2023** 
 
+## Adobe ColdFusion WDDX C3P0 remote code execution vulnerability
+
+|   **Vulnerability**  | **Adobe ColdFusion WDDX C3P0 remote code execution vulnerability**  |
+| :----:   | :-----|
+|  **Chinese name**  | Adobe ColdFusion WDDX C3P0 远程代码执行漏洞 |
+| **CVSS core**  | 9.8 |
+| **FOFA Query**  (click to view the results directly)| [body="/cfajax/" \| header="CFTOKEN" \| banner="CFTOKEN" \| body="ColdFusion.Ajax" \| body="<cfscript>" \| server="ColdFusion" \| title="ColdFusion" \| (body="crossdomain.xml" && body="CFIDE") \| (body="#000808" && body="#e7e7e7")](https://en.fofa.info/result?qbase64=Ym9keT0iL2NmYWpheC8iIHx8IGhlYWRlcj0iQ0ZUT0tFTiIgfHwgYmFubmVyPSJDRlRPS0VOIiB8fCBib2R5PSJDb2xkRnVzaW9uLkFqYXgiIHx8IGJvZHk9IjxjZnNjcmlwdD4iIHx8IHNlcnZlcj0iQ29sZEZ1c2lvbiIgfHwgdGl0bGU9IkNvbGRGdXNpb24iIHx8IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) |
+| **Number of assets affected**  | 567468 |
+| **Description**  | Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code. |
+| **Impact** | The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server. |
+
+## Adobe ColdFusion WDDX JGroups remote code execution vulnerability
+
+|   **Vulnerability**  | **Adobe ColdFusion WDDX JGroups remote code execution vulnerability**  |
+| :----:   | :-----|
+|  **Chinese name**  | Adobe ColdFusion WDDX JGroups 远程代码执行漏洞 |
+| **CVSS core**  | 9.8 |
+| **FOFA Query**  (click to view the results directly)| [body="/cfajax/" \| header="CFTOKEN" \| banner="CFTOKEN" \| body="ColdFusion.Ajax" \| body="<cfscript>" \| server="ColdFusion" \| title="ColdFusion" \| (body="crossdomain.xml" && body="CFIDE") \| (body="#000808" && body="#e7e7e7")](https://en.fofa.info/result?qbase64=Ym9keT0iL2NmYWpheC8iIHx8IGhlYWRlcj0iQ0ZUT0tFTiIgfHwgYmFubmVyPSJDRlRPS0VOIiB8fCBib2R5PSJDb2xkRnVzaW9uLkFqYXgiIHx8IGJvZHk9IjxjZnNjcmlwdD4iIHx8IHNlcnZlcj0iQ29sZEZ1c2lvbiIgfHwgdGl0bGU9IkNvbGRGdXNpb24iIHx8IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) |
+| **Number of assets affected**  | 567468 |
+| **Description**  | Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code. |
+| **Impact** |The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server. |
+
+![](https://s3.bmp.ovh/imgs/2023/09/05/459741d98c251494.gif)
+
+
 ## Dahua Smart Park Integrated Management Platform searchJson SQL injection vulnerability
 
 |   **Vulnerability**  | **Dahua Smart Park Integrated Management Platform searchJson SQL injection vulnerability**  |