Hello guyz.A fine weekend is here. So I am gonna share my weekend special experiment with you. Today we are going to exploit coldfusion. A lot many government and military websites that use this software, but only about 15% are vulnerable.
ColdFusion is a commercial rapid web application development platform invented by Jeremy and JJ Allaire in 1995. (The programming language used with that platform is also commonly called ColdFusion, though is more accurately known as CFML.) ColdFusion was originally designed to make it easier to connect simple HTML pages to a database. By Version 2 (1996), it had become a full platform that included an IDE in addition to a “full” scripting language. As of 2010, versions of ColdFusion (purchased by Adobe Systems in 2005) include advanced features for enterprise integration and development of rich Internet applications.
- A vpn connection. TOR not recommended
- Tamper Data – Firefox (Tor) Plugin
This is extremely easy by the use of the “ext” google dork:
Testing to see it’s vulnerable:
The way we test to see if the site’s vulnerable, is by first going to the admin panel. So, for example, if we have the following URL:
We would then go to:
Code: Login to read more