CVE-2024-20767 Exploit for Adobe ColdFusion 🛠️

This repository contains an exploit for Adobe ColdFusion, specifically targeting the CVE-2024-20767 vulnerability disclosed on March 12, 2024. This critical security issue allows for arbitrary file system read access due to Improper Access Control (CWE-284).

Description 📝

The vulnerability has been assigned a critical severity rating, with a CVSS base score of 8.2. It affects Adobe ColdFusion versions 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier), across all platforms.

Affected Products 📉

  • ColdFusion 2023: Update 6 and earlier versions
  • ColdFusion 2021: Update 12 and earlier versions

Exploit Usage 💻

This exploit allows users to read arbitrary files from the file system of a server running a vulnerable version of Adobe ColdFusion.

Prerequisites

  • Python 3.x

Steps

  1. Clone this repository.
  2. Install the required Python libraries: pip install -r requirements.txt
  3. Run the exploit script with the necessary arguments:
     python3 exploit.py -u <TARGET_URL> -o <OUTPUT_FILE>
       • -u, --url: Target Adobe ColdFusion Server URL
       • -o, --output: File to write vulnerable instances

Example

python3 exploit.py -u https://example.com -o vulnerable.txt

Mitigation 🛡️

Adobe has released security updates to address this vulnerability. It is highly recommended to update affected ColdFusion installations to the latest version:

  • ColdFusion 2023: Update 7
  • ColdFusion 2021: Update 13

Refer to Adobe's official security bulletin APSB24-14 for detailed information and update links.
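
To check an asset inventory against the fixed update levels listed above, the following is an added example and not part of this repository. The `host,version` line format, the version-string wording and the host names are assumptions constructed for illustration.

```python
import re

# First fixed update per release, taken from the Mitigation section above.
FIXED_UPDATE = {2023: 7, 2021: 13}

# Accepts strings such as "ColdFusion 2021 Update 12" or "2023 update 7".
# This wording is an assumed inventory format, not an Adobe-defined one.
_VERSION_RE = re.compile(
    r"\s*(?:adobe\s+)?(?:coldfusion\s+)?(?P<release>20\d{2})"
    r"(?:\s+update\s+(?P<update>\d+))?\s*",
    re.IGNORECASE,
)

def classify(version_string):
    """Return 'affected', 'patched' or 'unknown' for one version string."""
    m = _VERSION_RE.fullmatch(version_string)
    if not m:
        return "unknown"  # unrecognised wording: flag for manual review
    fixed = FIXED_UPDATE.get(int(m.group("release")))
    if fixed is None:
        return "unknown"  # release not covered by this README
    update = int(m.group("update") or 0)  # no "Update N" means base release
    return "affected" if update < fixed else "patched"

def audit(inventory_text):
    """Parse 'host,version' lines and return {host: status}."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = """\
cf-app-01,ColdFusion 2023 Update 6
cf-app-02,ColdFusion 2023 Update 7
cf-app-03,ColdFusion 2021 Update 12
cf-app-04,ColdFusion 2021 Update 13
cf-app-05,ColdFusion 2021
cf-app-06,ColdFusion 2018 Update 19
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need manual review, since their release or version wording falls outside what this README lists.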

Disclaimer

This exploit is provided for educational purposes only. Use it at your own risk. Unauthorized hacking is illegal and unethical.

Stay safe and secure! 🔐