"Older installations" could refer to sites that installed the FCKEditor
in their CF site before Adobe integrated it
into CF8.
Forrest C. Gilmore
===========================
Charlie Arehart wrote:
Yep, and it seems (as also discussed in John Mason’s entry, at
http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat)
that the problem goes beyond just what can be abused if one uses
CFTEXTAREA richtext=”yes”, but in fact what the hackers can do
leveraging the FCKeditor directly. John’s entry gets to the details
Howard is hinting at here, too, if folks want more info.
/charlie
*From:* [email protected] [mailto:[email protected]] *On Behalf Of *Howard
Fore
*Sent:* Thursday, July 02, 2009 7:42 PM
*To:* [email protected]
*Subject:* Re: [ACFUG Discuss] CF Attacks in the wild
Yes not older. In fact, an 8.0.1 installation is more vulnerable than
8.0.0 due to a change at line 29 of CFIDE\
scripts\ajaxFCKeditor\editor\filemanager\connectors\cfm\config.cfm
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink <http://www.fusionlink.com>
-------------------------------------------------------------
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
