RE: viewing source code

Rastislav Toseak Thu, 03 May 2001 22:58:10 -0700

        Well I don't know anything about the .=20 or so but there is well know IIS
bug that allows to view the source code (vulnerabilities issues) through the
browser. To reproduce the problem append the +.htr to the URL of a CFML page
(ex. http://yourdomain/index.cfm+.htr. If you did not apply patch (there is
a patch available, check Allaire site) you'll be able to see all CFML code
of template when viewing HTML source code. If you did not apply the patch
yet, I would definitely recommend to do so ASAP.

If anybody has exact URL where to download the patch, please post that here,
so somebody does not have to waste his/her time on searching for it.


Thank you,

Rastislav Toscak
Senior Applications Developer
G.Triad
Tel : 973.428.9600 x7509
Fax : 973.428.1112
[EMAIL PROTECTED]
http://www.gtriad.com


-----Original Message-----
From: Priscilla Yamin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 03, 2001 12:59 PM
To: CF-Server
Subject: viewing source code


This is a multi-part message in MIME format.

------=_NextPart_000_0058_01C0D3EA.088CB120
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Someone sent me an email that said our IIS server has a well known bug =
that allows people to view the CF source code.=20

Is anyone familiar with this? And is this something to be concerned =
about?



------=_NextPart_000_0058_01C0D3EA.088CB120
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2462.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" =
size=3D3>Someone sent me=20
an email that said our IIS server has a well known bug that allows =
people to=20
view the CF source code. <BR><BR>Is anyone familiar with this? And is =
this=20
something to be concerned =
about?</FONT><BR><BR></FONT></DIV></BODY></HTML>

------=_NextPart_000_0058_01C0D3EA.088CB120--

----------------------------------------------------------------------------
--
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with 
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
RE: viewing source code

Reply via email to
