Message from discussion
file upload vulnerability in CF801
Date: Sun, 5 Jul 2009 23:40:53 +0100
Subject: Re: [SCFUG] file upload vulnerability in CF801
From: Stephen Moretti <stephen.more...@gmail.com>
To: scottishcfug@googlegroups.com
Just so you are aware, it's not a ColdFusion vulnerability. It's a general
FCKEditor vulnerability, regardless of middleware that it sits on.
2009/7/3 Gareth Cole <gareth.c...@esus.ie>
> Hi Folks,
>
> Just in case you haven't seen this yet, there's a security vulnerability in
> the CF801 updater:
>
> http://www.theregister.co.uk/2009/07/03/coldfusion_compromise/
>
> Some genius at Adobe decided to enable file uploads by default in the
> embedded fckeditor. Unfortunately, this allows hackers to upload any files
> they want on to your system, and take control of your server.
>
> The link has full details and remedy.
--
Stephen Moretti
Blog : http://nil.checksite.co.uk/
Twitter : http://twitter.com/mr_nil
EE: http://beta.experts-exchange.com/M_1167123.html