Re: viewing source code

Fri, 04 May 2001 11:26:44 -0700 

I think it's the +.htr bug which allows people to see
the CF source code.
Try putting +.htr at the end of any .cfm page on your
site and viewing the source.
e.g.
http://www.site.com/index.cfm+.htr

--- Priscilla Yamin <[EMAIL PROTECTED]> wrote:
> This is a multi-part message in MIME format.
> 
> ------=_NextPart_000_0058_01C0D3EA.088CB120
> Content-Type: text/plain;
>       charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> 
> Someone sent me an email that said our IIS server
> has a well known bug =
> that allows people to view the CF source code.=20
> 
> Is anyone familiar with this? And is this something
> to be concerned =
> about?
> 
> 
> 
> ------=_NextPart_000_0058_01C0D3EA.088CB120
> Content-Type: text/html;
>       charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0
> Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=3DContent-Type
> content=3D"text/html; =
> charset=3Diso-8859-1">
> <META content=3D"MSHTML 6.00.2462.0"
> name=3DGENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=3D#ffffff>
> <DIV><FONT face=3DArial size=3D2><FONT face=3D"Times
> New Roman" =
> size=3D3>Someone sent me=20
> an email that said our IIS server has a well known
> bug that allows =
> people to=20
> view the CF source code. <BR><BR>Is anyone familiar
> with this? And is =
> this=20
> something to be concerned =
> about?</FONT><BR><BR></FONT></DIV></BODY></HTML>
> 
> ------=_NextPart_000_0058_01C0D3EA.088CB120--
> 
>
------------------------------------------------------------------------------
> To unsubscribe, send a message to
> [EMAIL PROTECTED] with
> 'unsubscribe' in the body or visit the list page at
www.houseoffusion.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with 
'unsubscribe' in the body or visit the list page at www.houseoffusion.com

Reply via email to