Adobe ColdFusion <= 11 XML External Entity (XXE) Exploit Video

Video PoC Exploit for ColdFusion vulnerability:

* Adobe ColdFusion <= 11 XML External Entity (XXE) Injection (CVE-2016-4264)

Discovered by Dawid Golunski Follow @dawid_golunski

https://legalhackers.com

Description:

The video below demonstrates how a remote (potentially unauthenticated) attacker could use the CVE-2016-4264 vulnerability in Adobe ColdFusion to obtain files stored on the web server and perform other XXE attacks by uploading malicious OXML files containing malicious payloads that take advantage of this vulnerability.

Thanks for watching

To receive updates on this as well as new vulnerabilities Follow @dawid_golunski

ExploitBox.io
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:

ExploitBox.io
A Playground & Labs for security folks into HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

<-- BACK TO legalhackers.com