Source code viewing exploits do not allow you to view anything that isn't accessible through the web server.
I see. I assumed a code viewing exploit would be where someone was able to execute a cffile or cfdirectory. On a lot of servers you can see anything on the C: drive with the cfdirectory tag. What about invoking the CFC? If someone could invoke a web-accessible CFC, couldn't they invoke it all the same through the façade? ~Brad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228955 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
