Adobe ColdFusion Cross Site Scripting / Disclosure

Adobe ColdFusion Cross Site Scripting / Disclosure: Posted Jan 28, 2011; Authored by MustLive; Adobe ColdFusion suffers from cross site scripting and disclosure vulnerabilities.; tags | exploit, vulnerability, xss, sql injection, info disclosure; SHA-256 | 7c7ad4468042f3270eec5cd9989f3673a89812a25841b893851bef7513bdfbda; Download | Favorite | View

Adobe ColdFusion Cross Site Scripting / Disclosure

Hello list!

I want to warn you about SQL DB Structure Extraction, Full path disclosure
and Cross-Site Scripting vulnerabilities in Adobe ColdFusion.

The vulnerabilities exist at detailed error report page. At 16.11.2010 I
privately informed Adobe about it, but they ignored my letter.

-------------------------
Affected products:
-------------------------

Vulnerable are possibly all versions of Adobe ColdFusion.

----------
Details:
----------

SQL DB Structure Extraction (WASC-13):

http://site/page.cfm?id=-

Information about SQL query is showed (if this web application is working
with DBMS).

Full path disclosure (WASC-13):

http://site/page.cfm?id=-

Full path at server is showed.

XSS (WASC-08):

At request to page http://site/page.cfm?id=- with User-Agent “Mozilla<body
onload=alert(document.cookie)>” it was possible to execute code.
Vulnerability worked in 2009 and at 25.02.2010. Now this vulnerability is
fixed (possibly in last versions of ColdFusion).

XSS (WASC-08):

http://site/page.cfm?id=%3Cbody%20onload=alert(document.cookie)%3E

Attack vector via tag script, which worked in 2009 and at 25.02.2010, was
already fixed in last versions of ColdFusion. But it's still possible to
attack via many other vectors (e.g. via tag body).

------------
Timeline:
------------

2008-2010 - found these vulnerabilities at different web sites on ColdFusion
and informed admins (and some admins of these sites potentially could told
Adobe about these issues, as XSS via User-Agent and via tag script were
fixed at time of February 2010).
2010.11.16 - informed developers (Adobe ignored).
2011.01.27 - disclosed at my site.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4879/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Top Authors In Last 30 Days

Red Hat 144 files
Ubuntu 111 files
Debian 18 files
Rafael Pedrero 11 files
LiquidWorm 10 files
Google Security Research 10 files
Apple 9 files
Abdulhakim Oner 8 files
nu11secur1ty 8 files
Hubert Wojciechowski 6 files

File Archives

Systems

AIX (426)
Apple (1,960)
BSD (370)
CentOS (56)
Cisco (1,919)
Debian (6,714)
Fedora (1,691)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (340)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,130)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,923)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,448)
UNIX (9,208)
UnixWare (185)
Windows (6,532)
Other

Adobe ColdFusion Cross Site Scripting / Disclosure

Adobe ColdFusion Cross Site Scripting / Disclosure

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Adobe ColdFusion Cross Site Scripting / Disclosure

Share This

Adobe ColdFusion Cross Site Scripting / Disclosure

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems