6 Replies Latest reply on Dec 1, 2016 9:51 PM by DarthGuybrushOz

    Cold Fusion Vulnerability issue


      Hi all,


      I am new to ColdFusion and I am facing a problem which has been pointed out by our security team on an application written in ColdFusion:

      We have an application written in ColdFusion, for which the login page is, let's say, the below -



      Now the vendor is the root directory and it has subdirectories containing the cfm files. So if I do https://xxx.com/vendor/common/abc.cfm, I am able to access the abc.cfm which is in the common folder inside the vendor directory. Now the problem is that if I do https://xxx.com/vendor/common/, it shows me in the browser the list of files present in the common directory, which is not acceptable. I can see that putting index.cfm in the common folder resolves the problem by redirecting me to the index page. But since there are approximately 120 subdirectories, is there a way to do this in a better way other than putting an index.cfm in every folder? I tried the missing page handler on the server console but no luck.


      Any assistance will be greatly appreciated.
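
A way to check all of the subdirectories in one pass once the server configuration has been changed, as an added example that is not part of the original post: it walks a local copy of the web root, requests each directory URL with a trailing slash, and reports the ones that still return an auto-generated index. The marker strings assume Apache, nginx or IIS listing pages (the post does not say which web server is in use), and all function names are illustrative.

```python
"""Audit a site for auto-generated directory listings (added example)."""
import os
import re
import urllib.request
from urllib.error import HTTPError, URLError

# Assumption: markers emitted by common auto-index pages
# (Apache mod_autoindex, nginx autoindex, IIS directory browsing).
LISTING_MARKERS = re.compile(
    r"<title>\s*Index of /|<h1>\s*Index of /|\[To Parent Directory\]",
    re.IGNORECASE,
)

def looks_like_listing(status, body):
    """True when a 200 response body carries an auto-index marker."""
    return status == 200 and bool(LISTING_MARKERS.search(body))

def directory_urls(webroot, base_url):
    """Yield one trailing-slash URL per directory under the local web root."""
    for dirpath, dirnames, _ in os.walk(webroot):
        dirnames.sort()  # deterministic traversal order
        rel = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        yield base_url.rstrip("/") + "/" + ("" if rel == "." else rel + "/")

def http_fetch(url):
    """Return (status, body) for a GET; errors map to a non-200 status."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except HTTPError as err:
        return err.code, ""
    except URLError:
        return 0, ""

def audit(webroot, base_url, fetch=http_fetch):
    """Return the directory URLs that still serve a listing."""
    return [u for u in directory_urls(webroot, base_url)
            if looks_like_listing(*fetch(u))]

if __name__ == "__main__":
    import sys
    # usage: python audit_listing.py <local webroot> <base URL of that root>
    for url in audit(sys.argv[1], sys.argv[2]):
        print("LISTING EXPOSED:", url)
```

An empty result means every directory answered with something other than a listing (an error status, a redirect target, or an application page).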