Subscribe via feed.

Lucee Authenticated Scheduled Job Code Execution

Posted by deepcore on March 3, 2023 – 7:54 am

This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It’s possible for an administrator to create a scheduled job that queries a remote ColdFusion file, which is then downloaded and executed when accessed. The payload is uploaded as a cfm file when queried by the target server. When executed, the payload will run as the user specified during the Lucee installation. On Windows, this is a service account; on Linux, it is either the root user or lucee.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.