Adobe ColdFusion unauthenticated RCE / arbitrary file read
CVE-2023-26360 affects Adobe ColdFusion 2018 Update 15 and earlier and ColdFusion 2021 Update 5 and earlier. Adobe initially described the issue as an Improper Access Control vulnerability, but later updated its advisory to classify it as a Deserialization of Untrusted Data vulnerability. The flaw is remotely exploitable without authentication or user interaction and enables arbitrary code execution in the context of the current user; multiple supporting references also state it can be used for arbitrary file read. The vulnerability has been associated with exploitation against public-facing ColdFusion servers, including government targets, and has also been discussed as chainable with CVE-2023-29298 to reach protected ColdFusion endpoints prior to exploitation.
Exploits
5 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (1 hidden).
A small standalone exploit repository with three files: LICENSE, README.md, and a single Python entry point, exploit.py. The repository is not itself part of a larger exploit framework. The Python script implements an unauthenticated Adobe ColdFusion RCE for CVE-2023-26360 using the same two-step technique described in the README: (1) send malformed _variables data to the exposed iedit.cfc endpoint so ColdFusion logs attacker-controlled CFML into coldfusion-out.log, then (2) abuse classname metadata/deserialization to load that poisoned log file as a ColdFusion template and execute the CFML. The payload avoids <cfexecute> and instead uses java.lang.Runtime.exec(), making it more reliable on hardened systems where cfexecute may be disabled. The exploit supports both Windows and Linux targets by selecting cmd.exe /C or /bin/sh -c, accepts an arbitrary operator-supplied command, and optionally routes traffic through an HTTP proxy. The CFML payload also attempts cleanup by truncating the current template file after execution. The main fingerprintable target artifacts are the ColdFusion endpoint /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc and the log path ..\logs\coldfusion-out.log. Overall, this is a functional operational PoC for unauthenticated command execution rather than a detector or documentation-only repository.
This repository contains a single Python script (CVE-2023-26360.py) that exploits CVE-2023-26360, an unauthenticated remote code execution vulnerability in Adobe ColdFusion 2021 (up to Update 5) and 2018 (up to Update 15). The script allows an attacker to check if a target is running ColdFusion, execute arbitrary system commands, or obtain a reverse shell on the vulnerable server. It does so by injecting CFML payloads that leverage Java's Runtime.exec to execute commands or spawn a shell. The script is interactive and supports several modes: command execution, reverse shell, and interactive shell. It fingerprints the target by checking for ColdFusion-specific cookies and endpoints (such as /CFIDE/componentutils/cfcexplorer.cfc). The exploit is operational and does not require authentication, making it highly impactful if the target is vulnerable. The code is well-structured, with clear separation of functions for payload construction, target checking, and exploitation. No hardcoded IPs or domains are present; the attacker supplies the target and callback information via command-line arguments.
This repository provides a working exploit for CVE-2023-26360, a remote code execution vulnerability in Adobe ColdFusion 2021 (tested on Windows Server 2019). The exploit consists of two main Python scripts:
1. cve-2023-26360.py: the main exploit script, which crafts and sends malicious CFML payloads to a vulnerable ColdFusion server endpoint. It leverages the vulnerability to load a Java class from a remote server controlled by the attacker.
2. server.py: a simple HTTP server that serves a malicious Java payload (e.g., a reverse shell generated with msfvenom) to the target when requested.
The README.md provides detailed setup and usage instructions, including how to generate the payload and configure the scripts. The exploit requires the attacker to set up both scripts with the correct IP addresses and ports. The attack vector is network-based, targeting the ColdFusion server over HTTP. The exploit achieves remote code execution by causing the target server to load and execute attacker-supplied Java code, typically resulting in a reverse shell. Notable endpoints include the vulnerable ColdFusion CFC endpoint, the attacker's payload server, and file paths used in the exploitation process. The repository is operational and provides a working exploit with a customizable payload.
This repository contains a Python proof-of-concept exploit for CVE-2023-26360, a vulnerability in Adobe ColdFusion. The main file, 'CVE-2023-26360.py', allows an attacker to read arbitrary files from a vulnerable server by sending a specially crafted POST request to a .cfc endpoint (default: /CFIDE/wizards/common/utils.cfc). The exploit manipulates the '_metadata.classname' parameter in the JSON body to specify the file to read. If successful, the file contents are printed and saved to 'output.txt'. The repository also includes a minimal README with usage instructions and a requirements.txt specifying the 'requests' library. The exploit is network-based, requires knowledge of the target host and file path, and is intended for use against Adobe ColdFusion servers vulnerable to CVE-2023-26360.
This repository provides a working exploit and detection script for critical vulnerabilities in Adobe ColdFusion (CVE-2023-26359, CVE-2023-26360, CVE-2023-26361). The main files are 'exploit.py' (the exploit) and 'detect.py' (the detection script). The exploit allows remote attackers to read arbitrary files or execute arbitrary commands on a vulnerable ColdFusion server by abusing insecure deserialization and improper access control in the /CFIDE/wizards/common/utils.cfc endpoint. The exploit supports both Linux and Windows targets, allows proxying, and can be used for both file read and RCE. The detection script checks for vulnerability by attempting to read a known file. The repository is operational and provides real exploit capability, not just a proof of concept. The README provides detailed background, usage instructions, and references to the relevant CVEs.
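A defender-side check for the indicators the summaries above name (the exposed .cfc endpoints, the _metadata.classname and _variables parameters, and CFML written into coldfusion-out.log), written as an added example for this page and not taken from any of the listed repositories. It assumes web access logs in combined log format; the sample log lines and the coldfusion-out.log layout are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints and parameter names taken from the repository summaries above.
SUSPECT_ENDPOINTS = {
    "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc",
    "/cfide/wizards/common/utils.cfc",
    "/cfide/componentutils/cfcexplorer.cfc",
}
SUSPECT_PARAMS = {"_metadata.classname", "_variables"}
# Combined log format: client ident user [time] "METHOD TARGET PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# CFML tags or Java object creation do not belong in a server log file.
CFML_RE = re.compile(r"<cf\w+|createobject\s*\(|java\.lang\.runtime", re.IGNORECASE)

def flag_request(line):
    """Return the reasons an access-log line looks like CVE-2023-26360 probing ([] if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group(3))  # the request target: path plus optional query
    path = parts.path.lower()
    reasons = []
    if path in SUSPECT_ENDPOINTS:
        reasons.append(f"request to exposed CFC endpoint {parts.path}")
    if path.endswith(".cfc"):
        # Only query-string parameters are visible here; POST bodies need a WAF or RASP log.
        hit = SUSPECT_PARAMS & set(parse_qs(parts.query, keep_blank_values=True))
        if hit:
            reasons.append("suspicious parameter(s) " + ", ".join(sorted(hit)))
    return reasons

def poisoned_log_lines(log_text):
    """Return (line_no, line) for every coldfusion-out.log line that carries CFML."""
    return [(n, l) for n, l in enumerate(log_text.splitlines(), 1) if CFML_RE.search(l)]

# Constructed sample data, not captured from a real incident; the log layout is assumed.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [15/Mar/2023:10:12:01 +0000] "POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc?method=get&_variables=%7B HTTP/1.1" 500 1543',
    '203.0.113.7 - - [15/Mar/2023:10:12:03 +0000] "POST /CFIDE/wizards/common/utils.cfc HTTP/1.1" 200 812',
    '198.51.100.5 - - [15/Mar/2023:10:13:44 +0000] "GET /index.cfm HTTP/1.1" 200 5120',
]
SAMPLE_CF_OUT_LOG = (
    "Mar 15, 2023 10:11:58 AM Information [ajp-nio-8888-exec-3] Starting ColdFusion\n"
    'Mar 15, 2023 10:12:01 AM Error [ajp-nio-8888-exec-4] <cfscript>r = createObject("java", "java.lang.Runtime");</cfscript>\n'
    "Mar 15, 2023 10:12:05 AM Information [ajp-nio-8888-exec-5] Request served"
)
if __name__ == "__main__":
    print([flag_request(e) for e in SAMPLE_ACCESS_LOG])
    print(poisoned_log_lines(SAMPLE_CF_OUT_LOG))
```

A hit on the endpoint alone is only a lead, since legitimate CKEditor or wizard traffic may reach the same paths; a CFML tag inside coldfusion-out.log, by contrast, has no benign explanation and warrants the assume-compromise path.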
Recent activity
8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
An improper access control vulnerability in Adobe ColdFusion that was exploited by threat actors to gain initial access to government servers.
An unauthenticated remote code execution vulnerability in Adobe ColdFusion that was actively exploited in the wild to breach U.S. government servers.
An Adobe ColdFusion vulnerability discussed alongside CVE-2023-29298 in the context of exploitation attempts against ColdFusion administration functionality.
An Adobe ColdFusion unauthenticated arbitrary file read vulnerability with a high severity score that can enable unauthorized data access and follow-on attacks.