Sunday, 31 March 2019

What is the risk associsated towards the use of ColdFusion tags?

ColdFusion framework provides us many tags which are capable to access the hard drive, registry and other network resources. To mitigate the security risks, ColdFusion programmers are also provided the facility to restrict the use of many tags which can provide the important information from database to the hackers.

There is a list to understand the tags and other potential risks -

cfcache - to create static HTML content on your website or server.
cfcollection - to modify and delete the collections.
cfcontent - to download the content outside of the directory root folder.
cfcookie - to write cookies on the user browser.
cfexecute - to execute arbitrary programs from the command line.
cffeed - to execute RSS feeds of the ColdFusion application.
cfftp - to transfer the one file to the another machine with FTP browser.
cfimap - to manipulate the IMAP server settings.
cfimage - to manipulate the images of an application.
cfinsert - to insert the data into the application.

Hope you have liked this post ! Thanks for reading it !

reference links - 

No comments:

Post a Comment