BackgroundAdobe ColdFusion is vulnerable to a Mass Assignment vulnerability that can result in an attacker being able to modify the value of any variable in any scope within the context of remote CFC methods.
I recently moved my blog over to a custom domain -- https://www.
IntroductionThis post is about ColdFusion 2023 Update 5 and ColdFusion 2021 Update 11, but it's also about more than just those versions.
IntroductionππππππππSix years ago today, on September 12, 2017, Adobe released APSB17-30.
BackgroundIn this post I'll be walking though CVE-2023-29301, which is an access control bypass / password brute force vulnerability in Adobe ColdFusion that I reported to Adobe and was fixed on July 11, 2023 in Adobe Product Security Bulletin APSB23-40.
TL; DR: If you use AES-CBC (or another block cipher operating in CBC mode) to decrypt user-controlled ciphertext, validate the ciphertext with an HMAC or similar integrity check prior to decryption to avoid Padding Oracle vulnerabilities.
This is the first of what may be a couple of posts about my presentation from ColdFusion Summit East 2023, which was held in April in Washington, DC.
I spoke at ColdFusion Summit East 2023 last week.
BackgroundMura CMS is a popular content management system written in ColdFusion/CFML.
Update March 6, 2023 - the full security advisory has been posted here: https://hoyahaxa.
An IntroductionThis is the first of what may become a few blog posts based on my CFSummit 2022 talk.
Photo credit: @coldfumonkehI attended my first CFSummit, where I talked about a handful of web vulnerability classes (SSRF, Session Puzzles, Cryptography flaws, and XML attacks) that might be overlooked by some ColdFusion/CFML developers.
IntroductionIt's time to dive into another old vulnerability.
I want to find all of the security bugs.
Awhile ago I was testing a web application and found a command injection vulnerability.
Looking back at old vulnerabilities can be both fun and useful.
Welcome to the first post of what may become a series - Stupid Unix Tricks.
TL;DR: Several ColdFusion/CFML tags and functions can process URLs as file path arguments -- including some tags and and functions that you might not expect.
