Vulnerability

    Allaire Forums

Affected

    Allaire Forums 2.0.x

Description

    Cameron Childress  found following.   The problem  outlined  below
    seems to effect all Allaire  Forums 2.0.x versions.  A  file named
    GetFile.cfm is found in the root directory of Allaire Forums 2.0.x
    distributions.   This file  will allow  anyone to  access any file
    on servers running Forums.  For example, the following URL  string
    format can be used to call the server's boot.ini file:

        GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\boot.ini

    The variables  in the  above string  correspond to  the tag in the
    file, which is:

        <CFCONTENT TYPE="#FT#/#FST#" FILE="#FilePath#">

Solution

    Allaire has confirmed that the  bug exists, and will be  issuing a
    security bulletin with details about it and a fix shortly.   Until
    then, use the following information at your own risk.  GetFile.cfm
    does  not  appear  to  be  used  anywhere  in  any  of  the Forums
    templates.  Simply deleting the file or commenting out the code in
    the file should protect your server from this exploit.