Bugtraq mailing list archives
Re: ColdFusion File Upload Exploit (fwd) - correction
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Tue, 15 Sep 1998 11:45:39 -0400
At 09:14 AM 9/15/98 -0400, David LeBlanc wrote:
At 08:23 PM 9/14/98 -0500, Aleph One wrote:---------- Forwarded message ---------- Date: Mon, 14 Sep 1998 12:12:23 -0600 From: INFO2000 TECH <colby () INFO2000 NET> To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM Subject: ColdFusion File Upload Exploit The following message was posted to the Allaire's COLD FUSION forums: By default, on Windows NT installations, the CF function, GetTempDirectory returns C:\WINNT.Not quite true (from the API docs): The GetTempPath function gets the temporary file path as follows: 1. The path specified by the TMP environment variable. 2. The path specified by the TEMP environment variable, if TMP is not defined. 3. The current directory, if both TMP and TEMP are not defined.
Although this is correct, apparently Cold Fusion does more than wrap the Win32 API in their internal API, so I'm in error - it works the way they said (which IMHO, seems not to be too smart - if you're going to hard code a default, %systemroot% isn't a good one).
WORKAROUND: Currently, TEMP is correctly set to C:\TEMP as a User
Environment
Variable, but should also be set as a System Environment Variable.I agree with this.
Oh - and as was just pointed out on NTBUGTRAQ, you have to restart any apps which you'd like to take advantage of any new environment variables. David LeBlanc dleblanc () mindspring com
Current thread:
- ColdFusion File Upload Exploit (fwd) Aleph One (Sep 14)
- <Possible follow-ups>
- Re: ColdFusion File Upload Exploit (fwd) David LeBlanc (Sep 15)
- Re: ColdFusion File Upload Exploit (fwd) - correction David LeBlanc (Sep 15)