akde/infosec

Information security is ultimately about managing risk

Coldfusion

Version 8 has an interesting vulnerability.

Directory traversal with multiple/remote/14641.py reveals a SHA1 password hash.
In the publicly available login page, the salt can be accessed and added to the hash:
console.log(hex_hmac_sha1(document.loginform.salt.value, ‘2F635F6D20E3FDE0C53075A84B68FB07DCEC9B03’));

Leave a Reply Cancel reply

You must be logged in to post a comment.

About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.

Checklists

Categories

Checklists: Ports

python -c 'import pty;pty.spawn("/bin/bash")';

python3 -c 'import pty;pty.spawn("/bin/bash")';