While ColdFusion is a great technology, it is only as good as the server it is mounted on and the skill of the person writing the ColdFusion code.
Server issue: It is true that not all the people maintaining servers are as up to date in applying patches as they should be. In fact, we recently tested a server that we were about to mount stuff on and found it was hideously vulnerable due to a failure to apply a patch that had been in existence for over 12 months beforehand! This particular issue affected IIS4 and IIS5 servers.
If you have ColdFusion pages on such a server and are concerned, then type “+.htr” on the end of the URL for one of your ColdFusion pages. If all is well you should get a “page not found” error. The alternative is either a blank screen, or a screen with some of your #variablename# tags present. This is really bad news!!!
Why? Well, if you now look at the source code for this page you will see all your tags revealed.
How bad can that be? Catastrophic! If one of the pages reveals one of your database queries then your site is extremely vulnerable.
How is it vulnerable? Do you have any pages that end in “.cfm?id=104” or something similar?
If so, consider what happens if somebody, having found the name of your database (let us suppose it is called “membersinfo”) through the above method for revealing source code, then decided to type:
“.cfm?id=104;DROP%20TABLE%20MEMBERSINFO”
This might create the query:
<CFQUERY NAME="membersdata" DATASOURCE="Localserver">
Select * FROM membersinfo WHERE id = 'url.id' DROP TABLE MEMBERSINFO
</CFQUERY>
This is not good at all! Your site is down until the table is remounted onto the server.
What can you do? Well, apart from getting the support team for the server to apply the patch for the “.htr” problem, you need to consider the security of your scripts ...
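
One way to harden the id lookup described above, as an added example that is not code from the original page. The query name, datasource and table follow the page; the cfparam integer check and the 400 response are assumptions about how such a page would be written.

```cfml
<!--- Added example. Names membersdata, Localserver and membersinfo follow the page. --->

<!--- Unsafe form, shown for comparison and left commented out:
      url.id is pasted into the SQL text, so anything that follows
      the number in the URL becomes part of the statement.
<cfquery name="membersdata" datasource="Localserver">
    SELECT * FROM membersinfo WHERE id = #url.id#
</cfquery>
--->

<!--- Step 1 (assumed validation step): url.id must exist and be an integer.
      cfparam with a type and no default throws when the check fails. --->
<cftry>
    <cfparam name="url.id" type="integer">
    <cfcatch type="any">
        <!--- Refuse the request without echoing the input or any error detail. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>

<!--- Step 2: bind the value instead of concatenating it.
      cfqueryparam passes url.id to the driver as a typed parameter,
      so it is never parsed as SQL. --->
<cfquery name="membersdata" datasource="Localserver">
    SELECT *
    FROM membersinfo
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Step 3: encode anything read from the database before writing it to the page. --->
<cfoutput query="membersdata">
    #HTMLEditFormat(membersdata.id)#<br>
</cfoutput>
```

With the bound form, a request ending in “.cfm?id=104;DROP%20TABLE%20MEMBERSINFO” fails the integer check and never reaches the database.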