Lucee Authenticated Scheduled Job Code Execution
This Metasploit module can be used to execute a payload on Lucee servers
that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote ColdFusion
file, which is then downloaded and executed when accessed. The payload is uploaded as a cfm file when queried by the target server. When executed,
the payload will run as the user specified during the Lucee installation.
On Windows, this is a service account; on Linux, it is either the root
user or lucee.
https://packetstormsecurity.com/files/171221/lucee_scheduled_job.rb.txt
Thu, 02 Mar 2023 15:21:50 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com (2:467/4.444)