> I recall there was something you could type into the query > string on a call to a CF template that would cause the CF > code to be dumped to the browser (.htr bug in IIS or > something like that...since patched I think) > > I'm trying to settle a bet.
There have been several of these sorts of things - source code viewing exploits. Some have been on IIS, some have been on any Windows web server (due to the ability of a single file on NTFS to contain multiple data streams), some on other platforms. To the best of my knowledge, there are no currently known source code viewing exploits on any up-to-date web server platform. http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22source+code+vi ewing%22+%2B+vulnerability&btnG=Google+Search Enjoy! Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
