Video PoC Exploit for ColdFusion vulnerability:

* Adobe ColdFusion <= 11 XML External Entity (XXE) Injection (CVE-2016-4264)

Discovered by Dawid Golunski


The video below demonstrates how a remote (potentially unauthenticated) attacker could use the CVE-2016-4264 vulnerability in Adobe ColdFusion to obtain files stored on the web server and perform other XXE attacks by uploading malicious OXML files containing malicious payloads that take advantage of this vulnerability.

Thanks for watching

To receive updates on this as well as new vulnerabilities