[CLUE-Tech] Strange URLs in a ColdFusion Site
Jed S. Baer
thag at frii.com
Thu Apr 1 14:17:37 MST 2004
Hi Folks.
Well, actually, I've seen this on a non-ColdFusion site as well.
It appears to me that some software, ColdFusion and Expression Engine, are
using the "/" character as a CGI delimiter. Here's two sample sites.
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=420981 -- which
redirects to a page where you'll see /Delivery.cfm/ in the URL. If you
click on the "download document" link, you get a page having
/Delivery.cfm/Delivery.cfm/ in the URL, and successive clicks just result
in increased stacking of that chunk into the URL. (At least on my system,
in Mozilla 1.3).
A friend who uses IE reports that the link works correctly to download the
article.
Another site, running the Expression Engine CMS (successor to pMachine),
is <http://www.ohnopueblo.org/ohno/index.php>, where there are links like
this one: http://www.ohnopueblo.org/ohno/index.php/weblog/archives/
I decided to download the trial copy of EE, just to see how it makes this
work.
But I figured input from CLUEbies on what seems to me to be a strange and
easily broken technique would be helpful.
jed
--
http://s88369986.onlinehome.us/freedomsight/
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-tech
mailing list