Source viewing exploits typically have nothing to do with application
servers but are a result of flaws in the web server that the application
servers are running on top of. When a web server receives a request it
checks to see how it is supposed to handle the MIME type of the requested
file. In the case of .CFM/CFML files, the server should be configured to
pass execution to the appropriate entry point. With MS Internet Information
Server this is ISCF.DLL. In certain situations you can force the web server
to pass the requested file through an improper parser/execution engine, or
none at all. This allows the viewing of the un-parsed/executed source code.
This type of exploit is independent of the scripting language used; it can
affect ASP, PHP, CFM, etc.

Steve

-----Original Message-----
From: Claremont, Timothy S [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 25, 2000 9:39 AM
To: CF-Talk
Subject: View Source of .CFM File



I am looking for a post from a month or so ago that details the command to
add to the end of a URL that will allow you to view the source of a .CFM
file on another server.

From what I understand, and correct me if I am wrong, this command worked
with 4.0 servers but does not work with 4.5+.

Any details about this command would be appreciated!

Thanks
--------------------------------------------
Tim Claremont
Xerox Corporation
--------------------------------------------

------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
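
A defensive check for the condition described in the reply above, added here as an example that is not part of the original thread: it scans HTTP response bodies for server-side markup that should never reach a client if the script engine actually ran. The pattern set, function names and sample responses are assumptions made for illustration and are constructed, not captured from a real server.

```python
import re

# Markers that should not survive in a response if the script engine ran.
# Assumption: illustrative patterns, not an exhaustive signature set.
LEAK_PATTERNS = {
    "CFML": re.compile(
        r"<cf(?:query|set|if|output|include|application|param)\b|<!---", re.I
    ),
    "ASP": re.compile(r"<%(?!--)[\s\S]*?%>"),
    # "<?php" or "<?=" only, so an XML declaration ("<?xml") is not flagged.
    "PHP": re.compile(r"<\?(?:php\b|=)", re.I),
}


def find_source_leak(body):
    """Return the sorted engine names whose unprocessed markup appears in body."""
    return sorted(name for name, rx in LEAK_PATTERNS.items() if rx.search(body))


def audit(responses):
    """responses: iterable of (url, body). Returns {url: [engines]} for leaks only."""
    findings = {}
    for url, body in responses:
        hits = find_source_leak(body)
        if hits:
            findings[url] = hits
    return findings


# Constructed sample responses (hypothetical URLs and bodies).
SAMPLES = [
    ("/report.cfm", "<html><body><table><tr><td>42</td></tr></table></body></html>"),
    ("/login.cfm", '<cfquery name="q" datasource="app">SELECT 1</cfquery>'),
    ("/feed.xml", '<?xml version="1.0"?><rss></rss>'),
    ("/index.asp", '<% Response.Write("hi") %>'),
    # HTML-escaped documentation is rendered text, not leaked source.
    ("/docs.html", "<pre>&lt;cfset x = 1&gt;</pre>"),
]

if __name__ == "__main__":
    for url, engines in audit(SAMPLES).items():
        print(url, "->", ", ".join(engines))
```

Run against responses from your own servers (for example in a post-deployment smoke test), a non-empty result means a script file was served without passing through its handler.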
