ColdFusion/Java strange script
I just found a weird script on the server of one of my clients. I'm not a CFML pro. Can anyone tell me if this is a genuine ColdFusion script or a hacker shell, and what it does? Its name is cf_fun.cfm.
    <cfset sf = createobject("java", "coldfusion.server.ServiceFactory")>
    <cfset rxml = "">
    <cftry>
        <!--- Default response: <result>0</result> --->
        <cfscript>
            rxml = xmlnew();
            rxml.xmlroot = xmlelemnew(rxml, "result");
            rxml.result.xmltext = "0";
        </cfscript>
        <!--- Dispatch on the exec_mode variable --->
        <cfswitch expression="#trim(exec_mode)#">
            <cfcase value="encode">
                <!--- Return param together with its encrypted form --->
                <cfscript>
                    sres = sf.datasourceservice.encryptpassword(param);
                    rxml.result.xmlchildren[1] = xmlelemnew(rxml, "param");
                    rxml.result.param.xmltext = param;
                    rxml.result.xmlchildren[2] = xmlelemnew(rxml, "encoded");
                    rxml.result.encoded.xmltext = sres;
                </cfscript>
            </cfcase>
            <cfcase value="test">
                <!--- Verify the datasource named in param --->
                <cfscript>
                    sf.datasourceservice.verifydatasource(param);
                </cfscript>
            </cfcase>
            <cfcase value="commit">
                <cfscript>
                    sf.datasourceservice.load();
                </cfscript>
            </cfcase>
            <cfcase value="rollback">
                <cfscript>
                    sf.datasourceservice.store();
                </cfscript>
            </cfcase>
            <cfdefaultcase>
                <cfthrow message="invalid command specified" errorcode="1">
            </cfdefaultcase>
        </cfswitch>
        <cfcatch>
            <!--- Error response: <result>-1</result> with the exception message --->
            <cfscript>
                rxml = xmlnew();
                rxml.xmlroot = xmlelemnew(rxml, "result");
                rxml.result.xmltext = "-1";
                rxml.result.xmlchildren[1] = xmlelemnew(rxml, "description");
                rxml.result.description.xmltext = cfcatch.message;
            </cfscript>
        </cfcatch>
    </cftry>
    <cfoutput>#rxml#</cfoutput>
You did not tell us which version of ColdFusion you are running or where you found the file. I have never heard of it before. I searched my ColdFusion 9.0.1 server and did not find it anywhere. I searched Google and found a specific reference to that file name here. That makes it seem as though the file is part of the Plesk panel. The reference I found was listed under the Parallels hosting company. Are you using them for hosting, or using the Plesk panel? If so, it appears to be a legitimate file.

I found another post here where a Parallels team member replied "Plesk not support ColdFusion DSN, sandbox". Since the code you shared appears related to ColdFusion datasources, perhaps this is a "hook" for creating/editing DSNs in ColdFusion using the panel.

Just a guess...
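
A static triage sketch for the question above, added here and not part of the original thread or of any Plesk or ColdFusion code: it lists which ServiceFactory calls each exec_mode value reaches in a file like cf_fun.cfm, and which commands take the unscoped `param` variable. The function names and the trimmed SAMPLE are constructed for illustration.

```python
import re

# Constructed sample: the dispatch part of the cf_fun.cfm script quoted in the question.
SAMPLE = """
<cfset sf = createobject("java", "coldfusion.server.ServiceFactory")>
<cfswitch expression="#trim(exec_mode)#">
<cfcase value="encode"><cfscript>sres = sf.datasourceservice.encryptpassword(param);</cfscript></cfcase>
<cfcase value="test"><cfscript>sf.datasourceservice.verifydatasource(param);</cfscript></cfcase>
<cfcase value="commit"><cfscript>sf.datasourceservice.load();</cfscript></cfcase>
<cfcase value="rollback"><cfscript>sf.datasourceservice.store();</cfscript></cfcase>
</cfswitch>
"""

# CFML is case-insensitive, so every pattern is matched with re.I.
FACTORY_RE = re.compile(
    r'<cfset\s+(\w+)\s*=\s*createobject\(\s*"java"\s*,\s*'
    r'"coldfusion\.server\.servicefactory"\s*\)', re.I)
CASE_RE = re.compile(r'<cfcase\s+value\s*=\s*"([^"]*)"\s*>(.*?)</cfcase>', re.I | re.S)


def dispatch_table(source):
    """Map each <cfcase> value to the (service, method, args) calls on the ServiceFactory object."""
    factory = FACTORY_RE.search(source)
    if factory is None:
        return {}
    call_re = re.compile(
        r'\b' + re.escape(factory.group(1)) + r'\.(\w+)\.(\w+)\s*\(([^)]*)\)', re.I)
    return {
        value.lower(): [(s.lower(), m.lower(), a.strip()) for s, m, a in call_re.findall(body)]
        for value, body in CASE_RE.findall(source)
    }


def services_used(table):
    """Set of ServiceFactory services reachable through any command."""
    return {service for calls in table.values() for service, _, _ in calls}


def caller_supplied(table, names=("param",)):
    """Commands that pass an unscoped variable (assumed caller-settable) into a service call."""
    return sorted(cmd for cmd, calls in table.items()
                  if any(args.lower() in names for _, _, args in calls))


if __name__ == "__main__":
    table = dispatch_table(SAMPLE)
    print(table)
    print("services:", services_used(table), "caller input:", caller_supplied(table))
```

On the sample, every command stays inside `datasourceservice`, which matches the answer's reading of the file as a datasource hook; it says nothing about who placed the file or who can reach it.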