I didnt, was in a meeting, fwd'd all msgs to him and didn't go back and read... but it wouldn't hurt to read myself :)
On Wednesday, February 22, 2012, Dave Watts wrote: > > > any idea how they were able to get the file that ran into the cfide > > directory? and what might prevent that part? > > that's the most haunting part to him. i said it was probably a > > windows exploit first... not sure tho. > > Did you read my initial response? It describes the likely > possibilities for writing a file. > > It probably wasn't a Windows exploit actually, unless you happen to be > running Windows 2000 or something. IIS and Windows are fairly secure > "out of the box" and don't have remote exploits that let you write > files via HTTP requests, unless you enable WebDAV. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > http://training.figleaf.com/ > > Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on > GSA Schedule, and provides the highest caliber vendor-authorized > instruction at our training centers, online, or onsite > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350061 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
