Yes, I'm pretty certain that's how it works. You may want to test the actual CF URLs even if you've moved CFIDE, as CF has a defined URL pattern match in its configuration to ensure that some URLs work in any case.
Dave Watts, CTO, Fig Leaf Software -----Original Message----- From: Ian Skinner <h...@ilsweb.com> Sent: Friday, 03 July, 2009 10:08 To: cf-talk <cf-talk@houseoffusion.com> Subject: Re: New CF8 vulnerability Dave Watts wrote: > You may want to check for this on any clients/projects you've worked with: > http://isc.sans.org/diary.html?storyid=6715 How does this exploit actually work? I presume it is somebody directly accessing the exposed, vulnerable, exploitable files via www.yourSite.org/cfide/scripts/something? Is that correct? If so, we may have been lucky enough that our cfide folder is not publicly available at the moment, but I would like to know more as I present this up the chain to get remediation steps done on our production servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324203 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4