Adobe Coldfusion BlazeDS Java Object Deserialization RCE

Exploit-DB: https://www.exploit-db.com/exploits/43993/

Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE

Date: February 6, 2018

Exploit Author: Faisal Tameesh (@DreadSystems)

Company: Depth Security (https://depthsecurity.com)

Version: Adobe Coldfusion (11.0.03.292866)

Tested On: Windows 10 Enterprise (10.0.15063)

CVE: CVE-2017-3066

Advisory: https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html

Category: remote

Notes: This is a two-stage deserialization exploit. The code below is the first stage. You will need a JRMPListener (ysoserial) listening at callback_IP:callback_port. After firing this exploit, and once the target server connects back, JRMPListener will deliver the secondary payload for RCE.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README.md		README.md
cf_blazeds_des.py		cf_blazeds_des.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Adobe Coldfusion BlazeDS Java Object Deserialization RCE

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

depthsecurity/coldfusion_blazeds_des

Folders and files

Latest commit

History

Repository files navigation

Adobe Coldfusion BlazeDS Java Object Deserialization RCE

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages