Quoting "Robertson-Ravo, Neil (RX)" <[EMAIL PROTECTED]>:
> 
> I fail to see how it can be exploited? My AV software will capture the
> bad things, my firewall will block ALL types of traffic coming into my
> machine by default. All unnecessary ports have been disabled from listening
> and the only ones I have open are the ones I know I require. I do not see
> how one unfiltered URL data in a CFML page can exploit the machine?

What if the URL data causes some MS SQL Server stored procedure to be executed
which does an HTTP request (outbound, so not filtered), and retrieves a modified
IRC client? The next malformed URL data causes the IRC client to be executed,
through MS SQL Server again, upon which the IRC client establishes a connection
to some remote host (outbound, so not filtered) and reports back a 'ready to
accept commands' message.

Firewalls set to refuse inbound traffic on unknown ports actually provide little
security. An even easier example: what if you didn't follow the recommended
procedures and you are running an old CF version with the documentation
installed? Gives you file system access through the cffile examples so you can
upload whatever you want and then use cfexecute to run it. Would your firewall
refuse that traffic?

Stateful firewalls that monitor both in- and outbound traffic are a little
better, they would stop the first example, but in the end security is an all-out
effort. You need to implement it at every level, not just at the gate.

Jochem
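
The unfiltered-URL-data case discussed above, shown as a weak query beside a hardened one. This is an added example, not part of the original message or the poster's code; the datasource "appDSN", the table "products" and its columns are hypothetical names.

```cfml
<!--- Added example. Datasource "appDSN" and table "products" are hypothetical.
      The two forms are shown side by side for comparison; a real template
      would contain only the second. --->

<!--- Weak: URL data is written straight into the SQL text, so whatever
      arrives in url.id is parsed by SQL Server as part of the statement. --->
<cfquery name="qWeak" datasource="appDSN">
    SELECT name, price
    FROM products
    WHERE id = #url.id#
</cfquery>

<!--- Hardened, step 1: refuse anything that is not a short run of digits
      before the database is contacted at all. --->
<cfparam name="url.id" default="">
<cfif NOT reFind("^[0-9]{1,9}$", url.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- Hardened, step 2: bind the value as a typed parameter. SQL Server
      receives it as data and never parses it as SQL. --->
<cfquery name="qSafe" datasource="appDSN">
    SELECT name, price
    FROM products
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

Binding closes the injection step only; the rights of the SQL Server login behind the datasource, and whether the sample applications are installed, are separate controls at other levels.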