Rob Gonda's Blog

Blog Bio Agenda Jobs AjaxCFC

Coldfusion MX serial number: wide open

Posted At : June 12, 2005 4:00 PM | Posted By : Rob Gonda
Related Categories: Coldfusion

Shared hosting companies usually block cfexecute and cfregistry at the sandbox level; but what about cfobject or the createobject function? Coldfusion 5.0 used to have the license serial number in the Server scope. Macromedia immediately recognized the security flaw and removed it in the MX versions. Yet, undocumented coldfusion such as the ServiceFactory object allows anyone to get a hold of the serial number. Perhaps, try to execute the following code:

<cfobject type="JAVA" action="Create" name="o" class="coldfusion.server.ServiceFactory">
<cfdump var="#o.LicenseService.getProperties()#">

posted on June 12, 2005 at 4:00 PM by Rob Gonda

Comments (0) | Trackbacks (0) |

Print |

Send |

del.icio.us |

Digg It!

TrackBacks

There are no trackbacks for this entry.

Trackback URL for this entry:
http://www.robgonda.com/blog/trackback.cfm?72284DB9-3048-7431-E45ECF1C75B8A896

[Add Trackback]

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)

There are no comments for this entry.

[Add Comment]

Search

Calendar

<< September 2010 >>

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

Twitter

Loading... << | >>

follow RobGonda at twitter.com

Archives By Subject

Adobe (36) | rss

Advertising (2) | rss

AIR / Apollo (7) | rss

ajax (156) | rss

ajaxCFC (56) | rss

Browsers (15) | rss

business (3) | rss

Cfeclipse (4) | rss

ColdBox (6) | rss

Coldfusion (204) | rss

Dreamweaver (2) | rss

events (48) | rss

Flash/ActionScript (41) | rss

Flex (41) | rss

Generic (113) | rss

Humor (2) | rss

JS/DHTML (43) | rss

Linux (3) | rss

Mobile (3) | rss

OpenID (1) | rss

Operating Systems (8) | rss

Pictures (1) | rss

Sapient (2) | rss

Security (5) | rss

Social Media (4) | rss

Software (44) | rss

Subversion (14) | rss

Transfer (1) | rss

Trends (2) | rss

Virtual Machines (4) | rss

Web 2.0 (2) | rss

WTF?! (1) | rss

Recent Entries

No recent entries.

Recent Comments

MSSQL and Pagination
Robb MacLean said: Hey Rob, 4 years later... I just wanted to thank you for posting this. Seems to work like a charm! ... [More]

SVN: PROPFIND request failed - No Such Revision
andrés said: Thank you so much. This was so useful! You save my day and my life :) [More]

Database diagram support objects cannot be installed
Laurie said: Thanks. Worked great! [More]

cflocation vs getPageContext().forward() = java.lang.OutOfMemoryError
pat branley said: Hi Rob Had the same issue today. See: http://kb2.adobe.com/cps/... [More]

SVN: PROPFIND request failed - No Such Revision
Will said: Thanks! This really helped save the day for me. Will [More]

Subscribe

RSS

Tags

adobe ajax ajaxcfc browsers coldfusion events flash/actionscript flex generic js/dhtml software sql subversion

PROJECTS

ajaxCFC v1.1 A3
sqlCFC v0.2

This blog is running version 5.9.003. Contact Blog Owner