Lucee Authenticated Scheduled Job...

- AV AC AU C I A
发布: 2023-03-02
修订: 2024-12-11

This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote ColdFusion file, which is then downloaded and executed when accessed. The payload is uploaded as a cfm file when queried by the target server. When executed, the payload will run as the user specified during the Lucee installation. On Windows, this is a service account; on Linux, it is either the root user or lucee.

0%
当前有1条漏洞利用/PoC
当前有0条受影响产品信息