Menu

Search for hundreds of thousands of exploits

"Macromedia ColdFusion MX 6.0 - SQL Error Message Cross-Site Scripting"

Author

Exploit author

"Lorenzo Hernandez Garcia-Hierro"

Platform

Exploit platform

cfm

Release date

Exploit published date

2003-10-15

Download file

1
2
3
4
5
6
7
source: https://www.securityfocus.com/bid/8840/info

It has been reported that Macromedia ColdFusion MX may be prone to a cross-site scripting vulnerability due to improper handling of error messages generated by the underlying database. This problem may be exploited by an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser upon visiting that link. If successful, an attacker may obtain access to cookie-based authentication credentials that may lead to other attacks. This attack would occur in the security context of the vulnerable site.

Macromedia ColdFusion MX version 6.0 may be vulnerable to this issue, however other versions may be affected as well. 

http://www.example.com/article.cfm?id=1'<script>alert(document.cookie);</script>
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2019-09-16 "Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload" webapps cfm "Pankaj Kumar Thakur"
2017-10-24 "Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection" webapps cfm "Anthony Cole"
2015-04-21 "BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion" webapps cfm Portcullis
2011-09-27 "Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities" webapps cfm MustLive
2011-08-18 "Adobe ColdFusion - 'probe.cfm' Cross-Site Scripting" webapps cfm G.R0b1n
2011-02-24 "Alcassoft's SOPHIA CMS - SQL Injection" webapps cfm p0pc0rn
2011-02-15 "Lingxia I.C.E CMS - Blind SQL Injection" webapps cfm mr_me
2011-01-25 "ActiveWeb Professional 3.0 - Arbitrary File Upload" webapps cfm StenoPlasma
2010-12-13 "Mura CMS - Multiple Cross-Site Scripting Vulnerabilities" webapps cfm "Richard Brain"
2010-11-24 "ColdFusion 8.0.1 - Arbitrary File Upload / Execution (Metasploit)" webapps cfm Metasploit
Release Date Title Type Platform Author
2003-10-15 "Macromedia ColdFusion MX 6.0 - SQL Error Message Cross-Site Scripting" webapps cfm "Lorenzo Hernandez Garcia-Hierro"
2003-10-03 "Sun Cobalt RaQ 1.1/2.0/3.0/4.0 - 'Message.cgi' Cross-Site Scripting" webapps cgi "Lorenzo Hernandez Garcia-Hierro"
2003-09-29 "Geeklog 1.3.x - Cross-Site Scripting" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-09-29 "Geeklog 1.3.x - SQL Injection" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-08-11 "phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 earch Module - 'PDA_limit' Cross-Site Scripting" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-08-11 "phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module - 'PAGE_id' Cross-Site Scripting" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-08-11 "phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module - 'day' Cross-Site Scripting" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-08-11 "PHP Website 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module - SQL Injection" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-08-11 "phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 fatcat Module - 'fatcat_id' Cross-Site Scripting" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-08-08 "PostNuke 0.6/0.7 web_links Module - TTitle Cross-Site Scripting" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-08-08 "PostNuke 0.6/0.7 Downloads Module - TTitle Cross-Site Scripting" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-08-04 "Macromedia Dreamweaver MX 6.0 - PHP User Authentication Suite Cross-Site Scripting" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-06-19 "pMachine 1.0/2.x - Multiple Script 'sfx' Full Path Disclosures" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-06-19 "pMachine 1.0/2.x - '/lib/' Multiple Script Direct Request Full Path Disclosures" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-06-19 "pMachine 1.0/2.x - Search Module Cross-Site Scripting" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-06-13 "Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Multiple Cross-Site Scripting Vulnerabilities" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-06-13 "Sphera HostingDirector 1.0/2.0/3.0 - VDS Control Panel Account Configuration Modification" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-06-09 "H-Sphere 2.x - HTML Template Inclusion Cross-Site Scripting" webapps java "Lorenzo Hernandez Garcia-Hierro"
2003-04-15 "osCommerce 2.2 - Authentication Bypass" webapps php "Lorenzo Hernandez Garcia-Hierro"
2003-04-15 "osCommerce 2.2 - 'product_info.php' Denial of Service" dos php "Lorenzo Hernandez Garcia-Hierro" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected