Re: ColdFusion File Upload Exploit (fwd)

From: David LeBlanc (dleblancat_private)
Date: Tue Sep 15 1998 - 06:14:38 PDT


    At 08:23 PM 9/14/98 -0500, Aleph One wrote:
    >---------- Forwarded message ----------
    >Date: Mon, 14 Sep 1998 12:12:23 -0600
    >From: INFO2000 TECH <colbyat_private>
    >To: NTBUGTRAQat_private
    >Subject: ColdFusion File Upload Exploit
    >
    >The following message was posted to the Allaire's COLD FUSION forums:
    >
    >By default, on Windows NT installations, the CF function, GetTempDirectory
    >returns C:\WINNT.
    
    Not quite true (from the API docs):
    
    The GetTempPath function gets the temporary file path as follows:
    
    1. The path specified by the TMP environment variable.
    2. The path specified by the TEMP environment variable, if TMP is not
    defined.
    3. The current directory, if both TMP and TEMP are not defined.
    
    >WORKAROUND: Currently, TEMP is correctly set to C:\TEMP as a User Environment
    >Variable, but should also be set as a System Environment Variable.
    
    I agree with this.
    
    
    David LeBlanc
    dleblancat_private
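
Added example, not part of the original message: a Python model of the lookup order quoted above, run over constructed environment blocks to show why TEMP set only as a user variable leaves a service resolving to its working directory. The environment contents, the C:\WINNT working directory and the assumption that the service sees only the system variables are illustrative.

```python
import ntpath  # Windows path rules, usable on any OS


def env_get(env, name):
    """Case-insensitive lookup (Windows variable names ignore case); empty counts as unset."""
    for key, value in env.items():
        if key.upper() == name.upper() and value:
            return value
    return None


def resolve_temp_path(env, cwd):
    """Order quoted in the post: TMP, then TEMP, then the current directory."""
    for name in ("TMP", "TEMP"):
        value = env_get(env, name)
        if value:
            return ntpath.normpath(value), name
    return ntpath.normpath(cwd), "current directory"


def is_under(path, root):
    """True if path is root or lies below it, ignoring case and separator style."""
    path = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(root))
    return path == root or path.startswith(root + "\\")


def audit(label, env, cwd, system_root=r"C:\WINNT"):
    path, source = resolve_temp_path(env, cwd)
    return {"process": label, "temp": path, "source": source,
            "in_system_root": is_under(path, system_root)}


# Constructed sample data (assumptions, not taken from a real host).
SYSTEM_ENV = {"SystemRoot": r"C:\WINNT", "Path": r"C:\WINNT\system32"}
USER_ENV = {"Temp": r"C:\TEMP"}   # TEMP exists only as a user variable
SERVICE_CWD = r"C:\WINNT"         # assumed working directory of the service


def run_audit():
    return [
        audit("service (system variables only)", SYSTEM_ENV, SERVICE_CWD),
        audit("interactive user", {**SYSTEM_ENV, **USER_ENV}, SERVICE_CWD),
        audit("service after workaround", {**SYSTEM_ENV, "TEMP": r"C:\TEMP"}, SERVICE_CWD),
    ]


if __name__ == "__main__":
    for row in run_audit():
        print(row)
```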
    


