LFI to Shell in Coldfusion 6-10
ColdFusion has several very popular LFI’s that are often used to fetch CF hashes, which can then be passed or cracked/reversed. A lesser use of this LFI, one that I haven’t seen documented as of yet, is actually obtaining a shell. When you can’t crack or pass, what’s left? The less-than-obvious solution is to exploit CFML’s parser, […]
read more »