Vulnerability Name :-
=> "Adobe ColdFusion 9 Administrative Login Bypass"Description :-
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Its password can by default or by misconfiguration be set to an empty value. This allows you to create a session via the RDS login that can be carried over to the admin web interface even though the passwords might be different. Therefore bypassing authentication on the admin web interface which then could lead to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.Report-Timeline:- 2013-12-11: Public Disclosure (metasploit)
Status:- Published
Product:-
Platform :- Windows and Linux
ColdFusion 9.0, 9.0.1, 9.0.2, and 10Platform :- Windows and Linux
Exploitation-Technique:- Remote
Exploit Code :- Download Here
Read More :: Click Here
Source :: http://www.exploit-db.com/
Sign up here with your email
ConversionConversion EmoticonEmoticon