CVE-2023-26360

This repository contains a functional exploit for CVE-2023-26360, an arbitrary file read vulnerability in Adobe ColdFusion. The exploit leverages a deserialization flaw in the `utils.cfc` endpoint to read arbitrary files from the target system.

This repository contains a functional exploit for CVE-2023-26360, targeting Adobe ColdFusion's deserialization vulnerability. The exploit includes both file read and remote command execution capabilities via crafted HTTP requests to the ColdFusion endpoint.

This repository contains a functional exploit for CVE-2023-26360, a remote code execution vulnerability in Adobe ColdFusion 2021. The exploit leverages deserialization via a malicious CFC endpoint to execute arbitrary Java code, fetching a payload from an attacker-controlled server.

This repository contains a functional exploit for CVE-2023-26360, leveraging ColdFusion's logging mechanism to achieve remote code execution by writing malicious payloads to `coldfusion-out.log` and executing them via classname manipulation.

This repository contains a functional Python exploit for CVE-2023-26360, an unauthenticated RCE vulnerability in Adobe ColdFusion. The exploit includes payload generation for command execution, reverse shells, and URLClassLoader-based attacks, with methods to plant payloads via ColdFusion log injection.

This Metasploit module exploits CVE-2023-26360, an unauthenticated deserialization vulnerability in Adobe ColdFusion, to perform arbitrary file reads. It constructs a malicious JSON payload to manipulate the classname parameter, enabling file disclosure.

This Metasploit module exploits CVE-2023-26360, an unauthenticated deserialization vulnerability in Adobe ColdFusion 2021 Update 5 and earlier, as well as ColdFusion 2018 Update 15 and earlier, to achieve remote code execution. It leverages a malicious CFML payload to trigger a URLClassLoader-based attack, delivering a Java or command-based payload.