Here's an idea for a little code that could be included in every page:
<!---
Filename: act_SQLHackPretect.cfm
Description: Checks common URL ID variables for whether they are INTs or not.
             If "DROP", "TABLE" or "DATABASE" is found, an email is sent to the
             webmaster and a warning message is displayed.
Version: 1
Created On: 6/14/01
Created By: Dutch Stiphout
Last Modified On: 6/14/01
Last Modified By: Dutch Stiphout
--->
<!--- Variables to protect: Attributes.publisherID, Attributes.ProductID, Attributes.CategoryID --->
<cfset dangerlist = "Attributes.publisherID,Attributes.ProductID,Attributes.CategoryID">
<!--- Keywords that turn a non-numeric value into a reported attack ("droptable" is already matched by "drop") --->
<cfset keywordlist = "drop,table,database">

<cfloop list="#dangerlist#" index="param">
	<cfif isDefined(param)>
		<!--- Evaluate once; param is a name from our own list above, never user input --->
		<cfset value = Evaluate(param)>
		<cfif NOT isNumeric(value)>
			<cfset suspicious = false>
			<cfloop list="#keywordlist#" index="keyword">
				<cfif FindNoCase(keyword, value) GT 0>
					<cfset suspicious = true>
				</cfif>
			</cfloop>
			<cfif suspicious>
				<!--- Request-controlled values are escaped with HTMLEditFormat because the mail is type="HTML" --->
				<cfmail from="HackProtector <system@#cgi.server_name#>"
						subject="Hack Attempt Report"
						to="#Request.webmasteremail#" type="HTML">
Dear Sir,
An attempt was made to hack #cgi.server_name#. Logged information is as follows:
<pre><cfif isDefined("client.userid")>Forums UserID: #HTMLEditFormat(client.userid)#</cfif>
cgi.server_name: #cgi.server_name#
cgi.query_string: #HTMLEditFormat(cgi.query_string)#
cgi.path_info: #HTMLEditFormat(cgi.path_info)#
cgi.path_translated: #HTMLEditFormat(cgi.path_translated)#
cgi.script_name: #HTMLEditFormat(cgi.script_name)#
cgi.remote_addr: #cgi.remote_addr#
cgi.remote_ident: #cgi.remote_ident#
</pre>
				</cfmail>
				<cfabort showerror="SQL found in URL.<br>Your IP has been logged and your actions have been reported to the webmaster.<br>Please refrain from any further action of this sort.">
			<cfelse>
				<!--- Escape the echoed value so a bad parameter cannot inject HTML into the error page --->
				<cfabort showerror="Error in URL parameter #param#: #HTMLEditFormat(value)#.">
			</cfif>
		</cfif>
	</cfif>
</cfloop>
It's a little nicer to people who mess up typing in a URL, but will definitely catch
you if you try typing in SQL stuff. I did this in addition to using cfqueryparam (or
val(xxx) for cached queries, which, for some reason, don't allow you to use
cfqueryparam).
Hope this helps!
-Dutch
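As an added example (Python, not part of Dutch's post or of the ColdFusion above), here is the same screen ported to Python and run over constructed query strings, alongside a SQLite look-up that shows why the integer check and parameter binding, rather than the keyword list, are what actually stop a payload such as `1 OR 1=1`. The parameter names and keywords come from the post; the products table, its rows, and the sample query strings are constructed for the demonstration.

```python
"""Python port of the URL-ID screen from the post (added example, not the
original ColdFusion). Parameter names come from the post; the SQLite table,
rows and query strings below are constructed for the demonstration."""
import re
import sqlite3
from urllib.parse import parse_qs

# Parameters the ColdFusion script guards (names from the post, "Attributes." scope dropped).
GUARDED = ("publisherID", "ProductID", "CategoryID")
# Keyword screen from the post; "droptable" is already matched by "drop".
KEYWORDS = ("drop", "table", "database")


def check_param(value):
    """Classify one parameter value the way the post's script does.

    'ok'        -- an integer, the only thing an ID column should ever receive
    'attack'    -- not an integer and contains a screened keyword (post mails the webmaster)
    'malformed' -- not an integer, no keyword (post shows the friendlier error)
    """
    if re.fullmatch(r"-?\d+", value):
        return "ok"
    if any(k in value.lower() for k in KEYWORDS):
        return "attack"
    return "malformed"


def screen_query_string(qs):
    """Apply check_param to every guarded parameter present in a raw query string."""
    params = parse_qs(qs, keep_blank_values=True)
    return {name: check_param(params[name][0]) for name in GUARDED if name in params}


def demo_db():
    """In-memory SQLite table standing in for the site's product table (constructed)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (ProductID INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO products VALUES (?, ?)",
                    [(1, "widget"), (2, "gadget"), (3, "sprocket")])
    return con


def lookup_concat(con, raw_id):
    """The pattern the post defends against: the URL value spliced into the SQL text."""
    return [row[0] for row in con.execute(
        f"SELECT name FROM products WHERE ProductID = {raw_id}")]


def lookup_bound(con, raw_id):
    """Equivalent of <cfqueryparam cfsqltype="cf_sql_integer">: the value must be
    an integer and is bound as a parameter, never spliced into the statement.
    Returns None when the value is rejected."""
    if check_param(raw_id) != "ok":
        return None
    return [row[0] for row in con.execute(
        "SELECT name FROM products WHERE ProductID = ?", (int(raw_id),))]


if __name__ == "__main__":
    # Constructed request samples: a normal hit, a typo, a keyword attack, and a
    # payload the keyword list never sees (only the integer check catches it).
    for qs in ("ProductID=2",
               "ProductID=2a",
               "ProductID=7%3BDROP%20TABLE%20products",
               "publisherID=3&ProductID=1%20OR%201%3D1"):
        print(qs, "->", screen_query_string(qs))

    con = demo_db()
    print("concat, '2'        ->", lookup_concat(con, "2"))          # ['gadget']
    print("concat, '1 OR 1=1' ->", lookup_concat(con, "1 OR 1=1"))   # whole table
    print("bound,  '1 OR 1=1' ->", lookup_bound(con, "1 OR 1=1"))    # None: rejected
```

The fourth sample is the point: `1 OR 1=1` contains none of the screened words, so the keyword branch never fires and no report is mailed, yet it is still refused because it is not an integer, and `lookup_concat` shows what it would have done to a concatenated query. The keyword list only decides whether a non-integer value is reported as hostile or treated as a typo; the integer check and the bound parameter are the controls that matter.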
---------- Original Message ----------------------------------
From: "Don Vawter" <[EMAIL PROTECTED]>
Date: Thu, 14 Jun 2001 15:07:10 -0600
>Thanks to the many who responded. There were a number of excellent
>suggestions of additional methods of prevention and I have included those on
>the page as well as included some sample code.
>http://www.vawter.com/urlhack.cfm
>
>Incidentally the culprit tried again but was unsuccessful. I have filed an
>abuse ticket with his/her ISP (@Home). Thanks to the many who sent helpful
>comments. I hope the page has been useful to somebody.
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_jobs or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.