[thelist] CF Freebie

Raymond Camden rcamden at allaire.com
Sun Dec 17 17:21:50 CST 2000


As a side note to this, everyone who runs IIS and CF (or ASP) should check
to make sure they are not vulnerable to the ::$DATA or +.htr hack. To check,
go to any CF page (or ASP), like www.myserver.com/foo.cfm, and add ::$DATA
or +.htr to the end of the URL. If the CF (ASP) source code shows up, you're
vulnerable.

=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Allaire

Email   : jedimaster at allaire.com
ICQ UIN : 3679482

"My ally is the Force, and a powerful ally it is." - Yoda

> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of Oliver Lineham
> Sent: Sunday, December 17, 2000 5:29 AM
> To: thelist at lists.evolt.org
> Subject: [thelist] CF Freebie
>
>
> <tip type="ColdFusion">
> Here is a quick way to make the original (unparsed) CFML source to a
> ColdFusion template accessible. Put this code at the top of the file:
>
> <cfparam name="url.source" default=0>
> <cfif url.source>
> <cfcontent file=#cgi.path_translated# type="text/plain">
> </cfif>
>
> If your file is http://somewhere.com/index.cfm you can view the
> CFML source
> by going to http://somewhere.com/index.cfm?source=1
>
> Note: if your server doesn't set #cgi.path_translated#, you'll
> have to put
> in eg.
>    file="c:\real\path\to\file\index.cfm"
> instead (but cgi.path_translated is nicer since you don't have to
> change it
> for each file, and the whole thing could be <cfinclude>'d).
>
> Of course, if you don't want your code to be public, you had
> better not use
> this tip!
> </tip>
>
> ____________________________________________________
>      v i b e   m e d i a    http://www.vibe.co.nz/
>   po box 10-492              wellington, new zealand
>   phone +64 21 210-7845         oliver at lineham.co.nz
>
> ---------------------------------------
> For unsubscribe and other options, including
> the Tip Harvester and archive of TheList go to:
> http://lists.evolt.org Workers of the Web, evolt !
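The check described at the top of this message, written as a script an administrator can run against their own server. This is an added example, not part of the original post: the function names and the marker regex are assumptions, and a response is flagged when it contains unparsed CFML tags or ASP `<%` delimiters.

```python
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# The two suffixes named in the message above.
SUFFIXES = ("::$DATA", "+.htr")

# Server-side markup that should never reach a browser unparsed
# (assumed heuristic: CFML tags such as <cfif ...> and ASP <% ... %> blocks).
SOURCE_MARKERS = re.compile(r"<cf[a-z]+[\s>]|</cf[a-z]+>|<%[@=\s]", re.IGNORECASE)


def probe_urls(page_url):
    """Return the page URL with each suffix appended to its path (query dropped)."""
    p = urlsplit(page_url)
    return [urlunsplit((p.scheme, p.netloc, p.path + s, "", "")) for s in SUFFIXES]


def leaks_source(body):
    """True when a response body contains unparsed CFML or ASP source."""
    return bool(SOURCE_MARKERS.search(body))


def http_get(url):
    """Fetch up to 64 KiB of the response body; None on any HTTP or network error."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.read(65536).decode("latin-1")
    except (urllib.error.URLError, OSError):
        return None


def check(page_url, fetch=http_get):
    """Map each probe URL to True (source shown) or False (not shown or error)."""
    results = {}
    for url in probe_urls(page_url):
        body = fetch(url)
        results[url] = body is not None and leaks_source(body)
    return results


if __name__ == "__main__":
    # Usage: python check_source_leak.py http://www.myserver.com/foo.cfm
    for url, leaked in check(sys.argv[1]).items():
        print(("VULNERABLE  " if leaked else "ok          ") + url)
```

A `True` result for either URL means the server returned the template's source instead of its rendered output.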




