正常的ColdFusion模板调用错误会被<cferror>或者<cftry> / <cfcatch>捕获。但是当
web站点有一个application.cfm（或者onrequestend.cfm)时，如果用户试图从客户端直
接调用它,ColdFusion将返回一个错误信息页面，其中会显示Web服务器的根路径。因为
这两个模板是ColdFusion保留的用来进行应用层设置，不该直接从web客户端调用。

<* 来源:  Marcel van Waaijen <m.van.waaijen@INTERVIEW-NSS.COM>  *>





测试程序：
--------------------------------------------------------------------------------

警 告

以下程序(方法)可能带有攻击性，仅供安全研究 教学之用。使用者风险自负！


比如:

如果直接输入下列URL:
http://www.website.com/application.cfm
http://www.website.com/onrequestend.cfm

将产生类似下面的错误页面:

  _____

Error Occurred While Processing Request


Error Diagnostic Information


Invalid Request of D:\INETPUB\WWWROOT\APPLICATION.CFM File


You have requested a template with the name APPLICATION.CFM or
ONREQUESTEND.CFM. These file names are reserved by the ColdFusion engine for
the specification of application level settings and therefore cannot be
directly requested from a web client.


If you are creating a template which is intended for direct access by end
users you should use a name other than APPLICATION.CFM or ONREQUESTEND.CFM.

  _____


--------------------------------------------------------------------------------

建议:

这个问题已经在Allaire ColdFusion Server 4.5.1 中解决，请更新到4.5.1