Another: http://blogs.coldfusion.com/post.cfm/a-new-security-advisory-for-coldfusion-is-now-available
On Fri, Jan 4, 2013 at 7:55 PM, Eric Bourland <e...@ebwebwork.com> wrote: > > Claude, thank you. That's really helpful information and gives me > perspective. Eric > > -----Original Message----- > From: Claude Schnéegans <schneeg...@internetique.com> > [mailto:=?ISO-8859-1?Q?Claude_Schn=E9egans <schneegans@interneti=71?= > =?ISO-8859-1?Q?ue.com=3E?=] > Sent: Friday, January 04, 2013 4:16 PM > To: cf-talk > Subject: Re: New Security Issue with CF > > > >>I downloaded and reviewed the h.cfm file -- yeah, it is pretty clever. > > The file itself is some tool designed to be used by developers, probably > not > developed by rhe hacker himself. He just found a way to store it on > servers. > > >>but how did that hacker place the h.cfm file in /CFIDE/ to begin with? > > I'm not going to unvail the trick here, all I can say is that there must be > a programer at Adobe not very proud of him, if he is still working for > Adobe > today. > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353785 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm