thanks pete, i just saw this reply.
I'll show him and my people at work :)
cf-ras
On Fri, Feb 24, 2012 at 2:44 PM, Pete Freitag wrote:
>
> On Thu, Feb 23, 2012 at 7:39 PM, James Holmes wrote:
>
>>
>> This would confirm which patches are missing:
>>
>> http://www.hackmycf.com/
>>
>
> James - it
> Subject: Re: CF attack on a buddies server
>
>
> On Thu, Feb 23, 2012 at 7:39 PM, James Holmes
> wrote:
>
> >
> > This would confirm which patches are missing:
> >
> > http://www.hackmycf.com/
> >
>
> James - it will let you know to the best
On Thu, Feb 23, 2012 at 7:39 PM, James Holmes wrote:
>
> This would confirm which patches are missing:
>
> http://www.hackmycf.com/
>
James - it will let you know to the best of its abilities, but there are
certain factors that might cause it to not detect a missing patch (e.g.
perhaps something i
This would confirm which patches are missing:
http://www.hackmycf.com/
--
Shu Ha Ri: Agile and .NET blog
http://www.bifrost.com.au/
On 24 February 2012 02:46, Pete Freitag wrote:
>
> On Wed, Feb 22, 2012 at 7:55 PM, Ras Tafari wrote:
>
> > any idea how they were able to get the file that r
On Wed, Feb 22, 2012 at 7:55 PM, Ras Tafari wrote:
> any idea how they were able to get the file that ran into the cfide
> directory? and what might prevent that part?
> that's the most haunting part to him. i said it was probably a
> windows exploit first... not sure tho.
>
If they are runnin
I would say that most folks running their own web server with no previous
experience usually do leave great big holes.
running every site under the default iis user
not removing everyone group from drives
not sandboxing coldfusion
these things can allow code in any sites to read/read to any other
I didn't, was in a meeting, fwd'd all msgs to him and didn't go back and
read... but it wouldn't hurt to read myself :)
On Wednesday, February 22, 2012, Dave Watts wrote:
>
> > any idea how they were able to get the file that ran into the cfide
> > directory? and what might prevent that part?
> >
> any idea how they were able to get the file that ran into the cfide
> directory? and what might prevent that part?
> that's the most haunting part to him. i said it was probably a
> windows exploit first... not sure tho.
Did you read my initial response? It describes the likely
possibilities f
any idea how they were able to get the file that ran into the cfide
directory? and what might prevent that part?
that's the most haunting part to him. i said it was probably a
windows exploit first... not sure tho.
any help is awesome.
thanks guys
On Wed, Feb 22, 2012 at 12:47 PM, Pete Freitag
I have seen variants of that script before, it is published in several
places.
In addition to what has already been mentioned, here are some steps you can
take to make sure these types of attacks fail (obviously though the more
critical issue is how did the attacker get the file there in the firs
here's the code again in case pastebin killed that link
http://pastebin.com/qvBTEP50
On Wed, Feb 22, 2012 at 11:12 AM, Dave Watts wrote:
>
>> this code was somehow dropped into my friend's cfide directory and ran,
>> did lots of bad things, stole db passwords, changed his cf code, etc.
>>
>> http
> this code was somehow dropped into my friend's cfide directory and ran,
> did lots of bad things, stole db passwords, changed his cf code, etc.
>
> http://pastebin.com/Jg2Cs0ch
>
> any idea how to protect from this kinda attack?
> thanks!
I would recommend that you read the CF 9 Server Lockdown
I think the first step, provided that he has sandbox access (and
capability) is to disable cfexecute and limit createObject to coldfusion
components.
On Wed, Feb 22, 2012 at 11:04 AM, Ras Tafari wrote:
>
> hey guys.
>
> this code was somehow dropped into my friend's cfide directory and ran,
> di
hey guys.
this code was somehow dropped into my friend's cfide directory and ran,
did lots of bad things, stole db passwords, changed his cf code, etc.
http://pastebin.com/Jg2Cs0ch
any idea how to protect from this kinda attack?
thanks!
cf-ras