Status/Resolution/Reason: Closed/Fixed/Fixed
Reporter/Name(from Bugbase): Aaron Neff / ()
Created: 07/15/2018
Components: Language, Null Support
Versions: 2018
Failure Type: Incorrectly functioning
Found In Build/Fixed In Build: 2018.0.0.310739 / 2018,0,02,313075
Priority/Frequency: Major / Some users will encounter
Locale/System: / Windows 10 64 bit
Vote Count: 1
Issue: per-app null value can be hacked from address bar
Repro:
1) Install CF (standalone w/ default settings)
2) Create this app:
Application.cfc
-----------
component {THIS.name="nullHack"; THIS.enableNULLSupport=true;}
index.cfm
-----------
<cfdump var="#null#">
3) Access app w/ ?null=hack URL parameter
Actual Result: "hack" displayed
Expected Result: "[null]" displayed
Workaround: Enable the "Enable Null Support" setting in CF Admin
Attachments:
Comments: