http://www.securiteam.com/exploits/Patch_Available_for_the_Undocumented_CFML_Tags_vulnerability.html
----- Original Message -----
From: "Michael Thomas" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, November 19, 2000 6:54 PM
Subject: Re: CF functions list.....
> Not only are there many hidden cf functions.... even besides the ones shown
> below & that will be returned by the GetFunctionList() but there are tags
> too..... As I have found some of these are potentially dangerous.
>
>
> >From: [EMAIL PROTECTED] (Michael Dinowitz)
> >Reply-To: [EMAIL PROTECTED]
> >To: CF-Talk <[EMAIL PROTECTED]>
> >Subject: Re: CF functions list.....
> >Date: Sun, 19 Nov 2000 17:41:48 -0500
> >
> >The function shows ALL functions, including the hidden ones. I've got notes
> >on them all and will put them up. I know I've said I would do this in the
> >past and have only slowly, but that's changing. I'm in final release of my
> >annotated docs (docs you can comment on) and they'll be released with the
> >functions.
> >You can look at what's there and comment at www.fusionauthority.com/docs
> >
> >
> > > Has anyone ever used the GetFunctionList() function to display all of the
> > > functions available that the CF Server supports???
> > >
> > > I did & it came back with some functions that I've never seen before. I have
> > > a list of those functions below:
> > >
> > > CF_GETDATASOURCEUSERNAME
> > > CF_ISCOLDFUSIONDATASOURCE
> > > CF_SETDATASOURCEPASSWORD
> > > CF_SETDATASOURCEUSERNAME
> > > CFUSION_DBCONNECTIONS_FLUSH
> > > CFUSION_DECRYPT
> > > CFUSION_DISABLE_DBCONNECTIONS
> > > CFUSION_ENCRYPT
> > > CFUSION_GETODBCDSN
> > > CFUSION_GETODBCINI
> > > CFUSION_SETODBCINI
> > > CFUSION_SETTINGS_REFRESH
> > > CFUSION_VERIFYMAIL
> > >
> > > These were all grouped together, as the list is returned in alphabetical
> > > order. These may not be the only ones that were new to my knowledge. Do
> > > these work??? hehe
> > >
> > > BTW All of the other functions listed were listed the exact same way. All
> > > uppercase & missing the parentheses like those above.
> > >
> > > Sincerely,
> > > Mike
> > >
> > > P.S. After quick glance I found another one below:
> > > JAVACAST
> > >
> > > >From: "Michael Thomas" <[EMAIL PROTECTED]>
> > > >Reply-To: [EMAIL PROTECTED]
> > > >To: CF-Talk <[EMAIL PROTECTED]>
> > > >Subject: OT: CF Web Dev.....
> > > >Date: Sun, 19 Nov 2000 12:38:41 GMT
> > > >
> > > >Sorry for the off topic post. I hope I don't get flamed beyond recognition
> > > >over this but I have a web development site that I've been working on the
> > > >last 6/7 months that is about to launch January 1st. One of the sections
> > > >covers the Cold Fusion language. I have about 18 CF related
> > > >articles/tutorials all ranging from Beginner to Advanced Levels (Mostly
> > > >beginner, I'm working my way up the ladder with content).
> > > >
> > > >I wuz wondering if anyone would like to contribute anything to this
> > > >project, doesn't matter how big or small (Everything counts ^_^). I do
> > > >however have to admit beforehand that I cannot pay anything for any
> > > >contributions made. I do this project in my free time to contribute
> > > >something back to the community that has given so much to me, just as
> > > >everyone here does everyday in this list. Even though I can't pay anything
> > > >it doesn't mean that this doesn't come without benefits.
> > > >
> > > >If anyone is interested in this opportunity you can contact me directly at
> > > >[EMAIL PROTECTED] Once again sorry for the off topic post. Thanx in
> > > >advance for all your time.
> > > >
> > > >Sincerely,
> > > >Mike
> > > >
> > > >_________________________________________________________________________
> > > >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> > > >
> > > >Share information about yourself, create your own public profile at
> > > >http://profiles.msn.com.
> > > >
> > > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > >Structure your ColdFusion code with Fusebox. Get the official book at
> > > >http://www.fusionauthority.com/bkinfo.cfm
> > > >
> > > >Archives: http://www.mail-archive.com/[email protected]/
> > > >Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
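
An added example, not part of the thread: one way an administrator could audit existing CFML templates for calls to the undocumented function names listed above. The helper names (`strip_cfml_comments`, `find_undocumented_calls`), the sample template and the placeholder argument lists in it are constructed for illustration; only the function names come from the thread.

```python
import re

# Names copied from the GetFunctionList() output quoted in the thread.
UNDOCUMENTED = {
    "CF_GETDATASOURCEUSERNAME", "CF_ISCOLDFUSIONDATASOURCE",
    "CF_SETDATASOURCEPASSWORD", "CF_SETDATASOURCEUSERNAME",
    "CFUSION_DBCONNECTIONS_FLUSH", "CFUSION_DECRYPT",
    "CFUSION_DISABLE_DBCONNECTIONS", "CFUSION_ENCRYPT", "CFUSION_GETODBCDSN",
    "CFUSION_GETODBCINI", "CFUSION_SETODBCINI", "CFUSION_SETTINGS_REFRESH",
    "CFUSION_VERIFYMAIL",
}
CALL = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\s*\(")   # identifier followed by "("
MARKER = re.compile(r"<!---|--->")                       # CFML comment delimiters

def strip_cfml_comments(text):
    """Blank out <!--- ... ---> comments (CFML comments nest), keeping newlines."""
    out, depth, pos = [], 0, 0
    for m in MARKER.finditer(text):
        chunk = text[pos:m.start()]
        out.append(chunk if depth == 0 else "\n" * chunk.count("\n"))
        if m.group() == "<!---":
            depth += 1
        elif depth > 0:
            depth -= 1
        pos = m.end()
    tail = text[pos:]
    out.append(tail if depth == 0 else "\n" * tail.count("\n"))
    return "".join(out)

def find_undocumented_calls(source):
    """Return sorted (line_number, NAME) pairs for calls to the listed names."""
    hits = set()
    for lineno, line in enumerate(strip_cfml_comments(source).splitlines(), 1):
        for m in CALL.finditer(line):
            name = m.group(1).upper()   # CFML function names are case-insensitive
            if name in UNDOCUMENTED:
                hits.add((lineno, name))
    return sorted(hits)

# Constructed sample template; argument lists are placeholders, not real signatures.
SAMPLE = """<cfset dsn = "orders">
<!--- old code: <cfset x = CFUSION_DECRYPT(a, b)> --->
<cfset ini = cfusion_getodbcini(a, b, c)>
<cfoutput>#Cfusion_Encrypt (a, b)#</cfoutput>
<cfset n = Len(dsn)>
"""

if __name__ == "__main__":
    for lineno, name in find_undocumented_calls(SAMPLE):
        print(f"line {lineno}: {name}")
```

The scan matches on the call syntax `NAME(` only, so it reports function use but not the undocumented tags the first reply mentions.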