> I have a fairly unique situation here. Our cf server has
> very limited access rights. It cannot write any files at all
> anywhere on our servers. In this case how would it be
> possible to exploit the security hole?
Since it's a problem with the API and CGI stubs, it might not have anything
to do with the rights possessed by the CF server, but rather by your web
server - the API stubs run in-process with your web server.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
