> any idea how they were able to get the file that ran into the cfide > directory? and what might prevent that part? > that's the most haunting part to him. i said it was probably a > windows exploit first... not sure tho.
Did you read my initial response? It describes the likely possibilities for writing a file. It probably wasn't a Windows exploit actually, unless you happen to be running Windows 2000 or something. IIS and Windows are fairly secure "out of the box" and don't have remote exploits that let you write files via HTTP requests, unless you enable WebDAV. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350060 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
