Page 1 of 1
phf command execution vunerability
Posted: 12 Apr 2006, 15:21
by bwhsh8r2
what programs can i use to exploit the phf command execution vunerability and or the Allaire ColdFusion 4.0x CFCACHE Vulnerability? any help would be grately appreciated.
thank you all who are more knowlagable than me and are willing to share their knowlage
max
Posted: 12 Apr 2006, 22:48
by CommonStray
The CFCACHE tag is a feature available in ColdFusion 4.x to perform template caching to increase page delivery performance by compiling and storing the output of CFML pages. When this tag is utilized in a .CFM page it creates several temporary files, including one that contains absolute filenames with directory path information, URL parameters and timestamps. In ColdFusion 4.0x, these files are stored in the same directory as the .CFM page, usually in a publicly accessible web document directory.
check out the Sans new and most widely used programs, Metasploit may be useful for what your wanting to do, also you may want to use Paros Proxy[/i]