Wednesday, April 11, 2012

ColdFusion for Pentesters at SOURCE Boston

I'll be giving my ColdFusion for Pentesters talk at SOURCE Boston next week.

Here is the info from the abstract:

"ColdFusion is one of those technologies where organizations are either ColdFusion shops or they won't touch it on a bet. Similarly, I find that pentesters have either been exposed to it and have a few tricks to attack it or not. Aside from common web application issues, ColdFusion can also be attacked on the network level and many times used to obtain remote access on the host. This talk will cover what is ColdFusion, common ColdFusion issues, finding useful ColdFusion URLs, identifying specific ColdFusion version and components, and verifying if common vulnerabilities are present in the ColdFusion server you are targeting. If access to the ColdFusion administrative interface can be obtained, you can perform post exploitation activities that will typically yield you remote access to the operating system supporting the ColdFusion install."

Like the other talks, I'll cover what it is, why you care (?), and some ways to go after it. Hopefully useful/interesting.

Hope to see people there.




Raymond Camden said...

Just checking - but you have shared these issues with Adobe, right? So we can fix them of course.

CG said...

Nothing 0day, just putting the pieces together.

If you want to talk about what is in the deck before, just send me an email.


Anonymous said...

Are you going to post those slides online?

Anonymous said...

Chris, still interested - are you going to post those slides online?