Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-20767 PoC — ColdFusion | Improper Access Control (CWE-284)

Source
https://github.com/m-cetin/CVE-2024-20767
Associated Vulnerability
Title:ColdFusion | Improper Access Control (CWE-284) (CVE-2024-20767)
Description:ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.
Description
Proof of Concept for CVE-2024-20767. Arbitrary file read from Adobe ColdFusion
Readme
# Proof of Concept script for CVE-2024-20767 

## Overview
`get-the-files.py` is a Python script that exploits a vulnerability in Adobe ColdFusion Servers (CVE-2024-20767) to read files from the server. The script is based on a method outlined at https://jeva.cc/2973.html.

## Disclaimer
This script is provided for educational purposes only. Unauthorized testing of servers, exploiting vulnerabilities without permission, and accessing or disclosing private data without consent are illegal and unethical activities. By using this script, you agree to do so within the bounds of the law and ethical guidelines. The author or contributors are not responsible for any misuse or damage caused by this script.

## Prerequisites
+ Python 3.x
+ `requests` library

## Installation

Before running the script, ensure you have Python 3.x installed on your system. You can download Python from the official website: https://www.python.org/downloads/.

To install the required requests library, run the following command:

```pip install requests```

## Usage

The script can be executed from the command line by providing the necessary arguments.

```
python get-the-files.py --endpoints <URLs> --port <PORT> --command <FILE_PATH>
``` 

Arguments
+ -e or --endpoints: Target Adobe ColdFusion Server URL(s). This argument is required and can accept multiple URLs separated by spaces.
+ -p or --port: Target server port. This argument is optional and defaults to 8500 if not provided.
+ -c or --command: The file path to read from the server. This argument is required.

### Example
```
python get-the-files.py --endpoints example.com another-example.com --port 8500 --command "/etc/passwd"
``` 

## Affected versions
ColdFusion servers with the Performance Monitoring Toolset enabled (and accessible via /pms) running the following versions are vulnerable:
+ ColdFusion 2023.6
+ ColdFusion 2021.12
+ Earlier versions

## License
This script is released under the MIT License. See the LICENSE file for more details.

## Contact
For any questions or concerns regarding this script, please open an issue on the GitHub repository.
File Snapshot

 [4.0K]  /data/pocs/7ea0cac15809083dcd984efe638ad0beba56bc2e
├── [2.1K]  get-the-files.py
└── [2.1K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →