CVE-2009-1872 PoC — Adobe ColdFusion Server 服务器多个跨站脚本攻击漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2009/CVE-2009-1872.yaml

Associated Vulnerability

Title:Adobe ColdFusion Server 服务器多个跨站脚本攻击漏洞 (CVE-2009-1872)
Description:ColdFusion是一款高效的网络应用服务器开发环境，具有很高的易用性和开发效率，基于标准的Java技术，可以与XML、Web Services和Microsoft.NET环境相集成。 ColdFusion的searchlog.cfm、_logintowizard.cfm、_authenticatewizarduser.cfm、_authenticatewizarduser.cfm脚本没有正确过滤用户所提交的startRow等参数，远程攻击者可以通过提交恶意请求执行跨站脚本或跨站请求伪造攻击。此外Col

Description

Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.

File Snapshot


 id: CVE-2009-1872

info:
  name: Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
  author: princecha

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2009-1872 PoC — Adobe ColdFusion Server 服务器 多个跨站脚本攻击漏洞