Back to directory
WRITEUP #805

Exploiting CVE-2017-11286 Six Years Later: XXE in ColdFusion via WDDX Packet

XXESecurity code review
by@hoyahaxa(Brian)
Program
Adobe (ColdFusion)
Published
Sep 12, 2023
Added to HackDex
Feb 6, 2024
Read Full Writeuphttps://www.hoyahaxa.com/2023/09/exploiting-cve-2017-11286.html
RELATED WRITEUPS
Getting code execution on Veeam through CVE-2023-27532
RCEInsecure deserialization
Spip Preauth RCE 2024: Part 2, A Big Upload
RCEFile upload
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
IIS welcome page to source code review to LFI!
SSRFLFI
The Hunt for XXE to LFI: How I Uncovered CVE-2019–9670 in a Bug Bounty Program
XXELFI

Built with ❤️ by Shubham Rawat