Thanks, that's exactly the kind of help I was hoping for.  I'll fix that as 
soon as I get home tonight.

--------------
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA
 
"C code. C code run. Run code run. Please!"
- Cynthia Dunning

....-----Original Message-----
....From: Nick McClure [mailto:[EMAIL PROTECTED]
....Sent: Wednesday, March 02, 2005 11:38 AM
....To: CF-Community
....Subject: RE: Another CF site to hack.
....
....When I try to login I get an error:
....The cause of this output exception was that:
....coldfusion.tagext.sql.QueryParamTag$InvalidDataException: Invalid data
....
....I was able to do this because the username field doesn't have a limit to
....the field size, so I sent a value so large it broke it.
....
....Because of this I was able to get a look at a portion of your
....application.cfm and see how the authentication query works.
....
....One of the most important things is to ensure that even if you forgot to
....check something specific, the end user should never get an error like
....that.
....
....> -----Original Message-----
....> From: Ian Skinner [mailto:[EMAIL PROTECTED]
....> Sent: Wednesday, March 02, 2005 2:31 PM
....> To: CF-Community
....> Subject: Another CF site to hack.
....>
....> So can you all tell me the vulnerabilities I have in this site?
....>
....> www.sierraoutdoorrecreation.com
....>
....> --------------
....> Ian Skinner
....> Web Programmer
....> BloodSource
....> www.BloodSource.org
....> Sacramento, CA
....>
....> "C code. C code run. Run code run. Please!"
....> - Cynthia Dunning
....>
....
....
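
The failure described in the quoted message (an oversized username reaching the query and the raw exception being shown to the visitor) can be handled as in the following added example, which is not code from the site or from either poster. The file names, `request.dsn`, the table and column names, and the 50-character limit are assumptions; it covers only the username lookup, not the password check.

```cfml
<!--- Application.cfm: uncaught exceptions render error.cfm (hypothetical generic
      page) instead of the default exception output with template source. --->
<cferror type="exception" exception="any" template="error.cfm">

<!--- login_action.cfm (hypothetical). request.dsn, table and column names,
      and the 50-character limit are assumptions for this example. --->
<cfparam name="form.username" default="">
<cfset maxUserLen = 50>
<cfset loginError = "">
<cfset userFound = false>

<cfif len(trim(form.username)) EQ 0 OR len(form.username) GT maxUserLen>
  <!--- Out-of-range input never reaches the query; record length, not value --->
  <cflog file="auth" type="warning"
         text="Rejected username of length #len(form.username)# from #cgi.remote_addr#">
  <cfset loginError = "Invalid username or password.">
<cfelse>
  <cftry>
    <cfquery name="qUser" datasource="#request.dsn#">
      SELECT user_id
      FROM users
      WHERE username = <cfqueryparam value="#form.username#"
                           cfsqltype="cf_sql_varchar" maxlength="#maxUserLen#">
    </cfquery>
    <cfset userFound = (qUser.recordCount EQ 1)>
    <cfcatch type="any">
      <!--- Full detail goes to the server log; the visitor sees the same
            generic message as for any other failed login. --->
      <cflog file="auth" type="error"
             text="Login lookup failed: #cfcatch.type# - #cfcatch.message#">
      <cfset loginError = "Invalid username or password.">
    </cfcatch>
  </cftry>
  <cfif NOT userFound AND len(loginError) EQ 0>
    <cfset loginError = "Invalid username or password.">
  </cfif>
</cfif>

<cfif len(loginError)>
  <cfoutput>#htmlEditFormat(loginError)#</cfoutput>
</cfif>
```

Setting the form field's `maxlength` in the HTML is a usability aid only; the server-side length check and the exception handlers are what keep the error output away from the visitor.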
