Adobe ColdFusion Improper Access Control Arbitrary File Read

This repository contains a Python exploit script (CVE-2024-20767.py) targeting Adobe ColdFusion servers vulnerable to CVE-2024-20767. The exploit works in two stages: first, it sends a request to the '/CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat' endpoint to obtain a UUID from the server. Then, it uses this UUID in a header to send a second request to the '/pms' endpoint, exploiting a directory traversal vulnerability to read arbitrary files from the server. The script requires the attacker to specify the target server's address, port (default 8500), and the file path to read. The repository also includes a minimal README. The exploit is operational and demonstrates the ability to read files from a vulnerable ColdFusion server over the network.

This repository contains a Python proof-of-concept exploit for CVE-2024-20767, an arbitrary file read vulnerability in Adobe ColdFusion (2023 Update 6 and earlier, 2021 Update 12 and earlier). The exploit works in two stages: it first retrieves a UUID from the vulnerable endpoint '/CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat', then uses this UUID in a header to access the '/pms' endpoint with a crafted 'file_name' parameter to read arbitrary files from the server's file system. The exploit is executed via command line, requiring the target server's URL, port, and the file path to read. The repository includes a README with usage instructions, affected product versions, and references. The main exploit capability is remote, unauthenticated arbitrary file read via network requests to specific ColdFusion endpoints.

This repository provides a Python-based exploit for CVE-2024-20767, a critical arbitrary file read vulnerability in Adobe ColdFusion 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier). The exploit consists of a main script (exploit.py), a requirements file, and a README.md with detailed usage instructions. The exploit works by first retrieving a UUID from a ColdFusion server endpoint, then using that UUID to send crafted requests to another endpoint that allows reading arbitrary files from the server's file system. The script supports scanning single URLs or lists of targets, and writes results to an output file. The attack vector is network-based, requiring HTTP(S) access to the target server. The endpoints targeted are specific ColdFusion administrative and logging modules. The exploit is a proof-of-concept and does not provide post-exploitation payloads beyond file read capability.