Yep, and it seems (as also discussed in John Mason's entry, at
http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat)
that the problem goes beyond just what can be abused if one uses CFTEXTAREA
richtext="yes", but in fact what the hackers can do leveraging the FCKeditor
directly. John's entry gets to the details Howard is hinting at here, too,
if folks want more info.

 

/charlie

 

From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Howard Fore
Sent: Thursday, July 02, 2009 7:42 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] CF Attacks in the wild

 

Yes, not older. In fact, an 8.0.1 installation is more vulnerable than 8.0.0
due to a change at line 29 of
CFIDE\scripts\ajaxFCKeditor\editor\filemanager\connectors\cfm\config.cfm



