Adobe ColdFusion uses the Action Message Format (AMF). AMF is a custom binary serialization protocol with two formats: AMF0 and AMF3. An action message consists of headers and bodies. There are several implementations of AMF in different languages; for Java there is Adobe BlazeDS (now Apache BlazeDS), which is also used in Adobe ColdFusion. Adobe ColdFusion is affected by a Java deserialization flaw in its Apache BlazeDS library when it handles untrusted Java objects, which allows a remote attacker to achieve remote code execution.
The flex-messaging-core.jar library contains the class flex.messaging.validators.ClassDeserializationValidator, which performs the validation. This library was therefore decompiled separately with the Java Decompiler and the result was compared once again in WinMerge.
Installation and exploitation: https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2017-3066
The file test.rules contains a rule for the Suricata utility. The rule detects attempts to exploit this vulnerability in network traffic.
The rule is enabled in /etc/suricata/suricata.yaml:
default-rule-path: /etc/suricata
rule-files:
  - test.rules
Run:
suricata -c /etc/suricata/suricata.yaml -i ens33
Alerts are written to /var/log/suricata/fast.log
Signature 79 73 6F 73 65 72 69 61 = ysoserial
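The following is an added worked example, not code from the original repository or from Suricata, showing what the signature line above means in practice: it converts the hex signature back to ASCII, renders a byte string as a Suricata |..| content match, builds an example alert rule around it, and applies the same byte-level test that the content keyword performs to a constructed AMF0 request body. The rule text, the sid, the $HOME_NET/$EXTERNAL_NET variables and the sample body are this example's assumptions; the project's own test.rules is not reproduced here. Note that the full ASCII encoding of "ysoserial" is nine bytes, 79 73 6F 73 65 72 69 61 6C; the eight bytes listed above decode to "ysoseria".

```python
"""Added example: derive and apply a Suricata-style content match for the
'ysoserial' marker used to detect CVE-2017-3066 exploitation attempts."""

MARKER = b"ysoserial"  # marker string the detection rule keys on


def decode_hex_signature(sig: str) -> str:
    """Turn a space-separated hex signature (as written on the page) into ASCII."""
    return bytes.fromhex(sig.replace(" ", "")).decode("ascii")


def to_suricata_hex(data: bytes) -> str:
    """Render bytes as a Suricata |..| hex content match, e.g. |79 73 6F ...|."""
    return "|" + " ".join(f"{b:02X}" for b in data) + "|"


def build_rule(sid: int, marker: bytes = MARKER) -> str:
    """Build an example alert rule (assumption: not the repository's test.rules)
    that fires when the marker appears in an HTTP request body sent to $HOME_NET."""
    return (
        "alert http $EXTERNAL_NET any -> $HOME_NET any ("
        'msg:"Possible ysoserial Java deserialization payload in AMF request"; '
        "flow:established,to_server; http.request_body; "
        f'content:"{to_suricata_hex(marker)}"; '
        f"classtype:attempted-admin; sid:{sid}; rev:1;)"
    )


def find_marker(body: bytes, marker: bytes = MARKER) -> int:
    """Return the offset of marker in body, or -1 if absent.
    This is the same test the Suricata content keyword performs on the buffer."""
    return body.find(marker)


# Constructed sample request body (not captured traffic): a minimal AMF0 envelope
# followed by a Java serialization stream header and a class-name fragment of the
# kind that ysoserial-generated gadget chains carry.
SAMPLE_BODY = (
    b"\x00\x00"            # AMF version 0
    b"\x00\x00"            # header count = 0
    b"\x00\x01"            # message count = 1
    b"\xac\xed\x00\x05"    # Java serialization stream magic + version
    b"\x00\x0fysoserial.Pwner"  # constructed class-name fragment containing the marker
)

# Constructed benign body: the same AMF0 envelope with no serialized Java object.
BENIGN_BODY = b"\x00\x00\x00\x00\x00\x01\x00\x07null\x00\x02/1\x00\x00\x00\x00\x0a\x00\x00\x00\x00"


if __name__ == "__main__":
    print(decode_hex_signature("79 73 6F 73 65 72 69 61"))   # the page's 8-byte signature
    print(to_suricata_hex(MARKER))                             # full 9-byte marker
    print(build_rule(1000001))
    print("offset in sample body:", find_marker(SAMPLE_BODY))
    print("offset in benign body:", find_marker(BENIGN_BODY))
```

Load the printed rule into a rules file referenced from suricata.yaml, as described above, to try the same match against live traffic; the body-offset check in the script shows why the match fires on the constructed payload and not on a plain AMF0 request.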