Railo 4.2.1 Remote File Inclusion
https://packetstormsecurity.com/files/128234/railo_cfml_rfi.rb.txt
https://packetstormsecurity.com/files/128234/Railo-4.2.1-Remote-File-Inclusion.html
Fri, 12 Sep 2014 03:49:57 GMT

This Metasploit module exploits a remote file inclusion vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable cffile line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm extension and taking advantage of a directory traversal, an attacker can append ColdFusion markup to the PNG file and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.
