admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create Adobe_ColdFusion_WDDX_C3P0_remote code_execution_vulnerability.md

Browse Source
This commit is contained in:
Goby 2023-09-05 14:32:47 +08:00 committed by GitHub
parent c842797814
commit 3824732e86
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Adobe_ColdFusion_WDDX_C3P0_remote code_execution_vulnerability.md Normal file
View File

@ -0,0 +1,10 @@
## Adobe ColdFusion WDDX C3P0 remote code execution vulnerability
| **Vulnerability** | **Adobe ColdFusion WDDX C3P0 remote code execution vulnerability** |
| :----: | :-----|
| **Chinese name** | Adobe ColdFusion WDDX C3P0 远程代码执行漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="/cfajax/" \| header="CFTOKEN" \| banner="CFTOKEN" \| body="ColdFusion.Ajax" \| body="<cfscript>" \| server="ColdFusion" \| title="ColdFusion" \| (body="crossdomain.xml" && body="CFIDE") \| (body="#000808" && body="#e7e7e7")](https://en.fofa.info/result?qbase64=Ym9keT0iL2NmYWpheC8iIHx8IGhlYWRlcj0iQ0ZUT0tFTiIgfHwgYmFubmVyPSJDRlRPS0VOIiB8fCBib2R5PSJDb2xkRnVzaW9uLkFqYXgiIHx8IGJvZHk9IjxjZnNjcmlwdD4iIHx8IHNlcnZlcj0iQ29sZEZ1c2lvbiIgfHwgdGl0bGU9IkNvbGRGdXNpb24iIHx8IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) |
| **Number of assets affected** | 567468 |
| **Description** | Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code. |
| **Impact** | The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server. |