漏洞平台

POC详情： 236696df35b89623ded0663aef2d355599335400

来源

https://github.com/Chocapikk/CVE-2024-20767

关联漏洞

标题： Adobe ColdFusion 访问控制错误漏洞 (CVE-2024-20767)
描述：Adobe ColdFusion是美国奥多比（Adobe）公司的一套快速应用程序开发平台。该平台包括集成开发环境和脚本语言。 Adobe ColdFusion 2023.6, 2021.12 版本及之前版本存在访问控制错误漏洞，该漏洞源于存在不正确的访问控制漏洞，可能导致任意文件系统读取。

描述

Exploit Toolkit for Adobe ColdFusion CVE-2024-20767 Vulnerability

介绍

# CVE-2024-20767 Exploit for Adobe ColdFusion 🛠️

This repository contains an exploit for Adobe ColdFusion, specifically targeting the CVE-2024-20767 vulnerability disclosed on March 12, 2024. This critical security issue allows for arbitrary file system read access due to Improper Access Control (CWE-284).

## Description 📝

The vulnerability has been assigned a critical severity rating, with a CVSS base score of 8.2. It affects Adobe ColdFusion versions 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier), across all platforms.

## Affected Products 📉

- ColdFusion 2023: Update 6 and earlier versions
- ColdFusion 2021: Update 12 and earlier versions

## Exploit Usage 💻

This exploit allows users to read arbitrary files from the file system of a server running a vulnerable version of Adobe ColdFusion.

### Prerequisites

- Python 3.x

### Steps

1. Clone this repository.
2. Install the required Python libraries: `pip install -r requirements.txt`
3. Run the exploit script with necessary arguments:

```bash
python3 exploit.py -u <TARGET_URL> -o <OUTPUT_FILE>
```

- `-u, --url`: Target Adobe ColdFusion Server URL
- `-o, --output`: File to write vulnerable instances

### Example

```bash
python3 exploit.py -u https://example.com -o vulnerable.txt
```

## Mitigation 🛡️

Adobe has released security updates to address this vulnerability. It is highly recommended to update affected ColdFusion installations to the latest version:

- ColdFusion 2023: Update 7
- ColdFusion 2021: Update 13

Refer to Adobe's official security bulletin APSB24-14 for detailed information and update links.

## Disclaimer

This exploit is provided for educational purposes only. Use it at your own risk. Unauthorized hacking is illegal and unethical.

## References

- Adobe Security Bulletin [APSB24-14](https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html)
- CVE-2024-20767 details on [CVE Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20767)

Stay safe and secure! 🔐

文件快照


 [4.0K]  /data/pocs/236696df35b89623ded0663aef2d355599335400
├── [4.4K]  exploit.py
├── [2.0K]  README.md
└── [  68]  requirements.txt

0 directories, 3 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。