Video PoC Exploit for ColdFusion vulnerability:


* Adobe ColdFusion <= 11 XML External Entity (XXE) Injection (CVE-2016-4264)

Discovered by Dawid Golunski



https://legalhackers.com


Description:

The video below demonstrates how a remote (potentially unauthenticated) attacker could use the CVE-2016-4264 vulnerability in Adobe ColdFusion to obtain files stored on the web server and perform other XXE attacks by uploading malicious OXML files containing malicious payloads that take advantage of this vulnerability.






Thanks for watching


To receive updates on this as well as new vulnerabilities




<-- BACK TO legalhackers.com