IT security expert company: cybersecurity audits and consulting
French cybersecurity company since 2004


CVE-2010-2861

Description

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

POC

Reference

- http://securityreason.com/securityalert/8148

- http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/

Github

- https://github.com/0ps/pocassistdb

- https://github.com/0xS3rgI0/Full-Cheatsheets

- https://github.com/0xs3rgi0/Full-Cheatsheets

- https://github.com/20142995/Goby

- https://github.com/20142995/nuclei-templates

- https://github.com/422926799/haq5201314

- https://github.com/4ra1n/poc-runner

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Advisory-Newsletter/Cring-Ransomware

- https://github.com/CertifiedCEH/DB

- https://github.com/CyberlearnbyVK/Cheatsheet-God

- https://github.com/CyberlearnbyVK/redteam-notebook

- https://github.com/D4rkSi3er/Cyber-Sec-Resources

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/H4cking2theGate/TraversalHunter

- https://github.com/HimmelAward/Goby_POC

- https://github.com/JFisch25200/IT-Resources

- https://github.com/Mickael5466/GG

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Odayex/BugBounty

- https://github.com/OlivierLaflamme/Cheatsheet-God

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/QWERTSKIHACK/Pentest-BookmarkS

- https://github.com/QWERTSKIHACK/Pentest-Bookmarkz

- https://github.com/SexyBeast233/SecBooks

- https://github.com/SofianeHamlaoui/Pentest-Bookmarkz

- https://github.com/Solokali-nethunter/Cheatsheet.god

- https://github.com/Striving-to-learn/Cybersecurity-Resources

- https://github.com/Striving-to-learn/test

- https://github.com/TesterCC/exp_poc_library

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/Z0fhack/Goby_POC

- https://github.com/Z3ro110/Full-Cheatsheets

- https://github.com/amcai/myscan

- https://github.com/badrshs/pentest-bookmark-collection

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/bomergang/hackaas

- https://github.com/cyberharsh/coldfusion2861

- https://github.com/cyberwithcyril/VulhubPenTestingReport

- https://github.com/decal/CFMXDC

- https://github.com/djrod/CheatSheet_sec

- https://github.com/eric-erki/Cheatsheet-God

- https://github.com/foobarto/redteam-notebook

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/gswest/HackerNote

- https://github.com/h4ck3root/HackerNote

- https://github.com/hcasaes/Cheatsheet-God

- https://github.com/hvardhanx/pentest-bookmarks

- https://github.com/jiushill/haq5201314

- https://github.com/jweny/pocassistdb

- https://github.com/k0mi-tg/Full-Cheatsheets

- https://github.com/mishmashclone/OlivierLaflamme-Cheatsheet-God

- https://github.com/mjutsu/Full-Cheatsheets

- https://github.com/ranhn/Goby-Poc

- https://github.com/samidunimsara/resources-to-learn-hacking

- https://github.com/sphinxs329/OSCP-Cheatsheet

- https://github.com/stefanpejcic/coldfusion

- https://github.com/t0m4too/t0m4to

- https://github.com/umamahesh5689/hk-gitfiles

- https://github.com/winterwolf32/Cheatsheet-God

- https://github.com/zhibx/fscan-Intranet