>Hope noone is doing what these guys are. They have their SQL logins in
>their application.cfm and global.asa.
Wouldn't it be more ethical to notify them of the vulnerability rather than
cause them a potential security problem by proudly posting your findings to
a public list?
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.