Several (tm) months back I did my talk on "From LOW to PWNED" at hashdays and BSides Atlanta.
The slides were published here and the video from hashdays is here; there is no video for BSides ATL.
I consistently violate presentation zen and I try to make my slides usable after the talk, but I decided to do a few blog posts covering the topics I put in the talk anyway.
Post  ColdFusion
- Originally released in 1995 by Allaire
- Motivation: make it easier to connect simple HTML pages to a database
- Along the way became full Java
- Latest version is ColdFusion 9 released in 2009
- Most recent features focus on integration with other technologies, e.g. Flash, Flex, AIR, Exchange, MS Office, etc.
- It is common to see CF 7-9 on the web
- Open Source CFML available as well
  - BlueDragon, Railo, Mura CMS
Locale traversal: CVE-2010-2861
great overview/walkthru here: http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
- ColdFusion MX6 6.1 base patches
- ColdFusion MX7 7,0,0,91690 base patches
- ColdFusion MX8 8,0,1,195765 base patches
- ColdFusion MX8 8,0,1,195765 with Hotfix4
ColdFusion 9? Immunity reported yes, but Adobe fixed the downloadable version of 9, so maaaaaaybe if it's an old version of 9.
*No patches exist for 6 & 7, so if you see CF6 or CF7 it's always vuln to the bug.*
advisory info here: http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf