The items in red are where your problem lies!
A simple SQL statement via the URL could delete all data from your db.
Have a look at your webserver log file, do a search for DELETE, if it's anywhere in the 
log file then see if it's a SQL statement, if so, that's the hacker, trace its IP 
address...

To solve your probs in the future use #val(yourVariable)# for any integer used in your 
SQL clause, i.e. ## without the single quotes around it...

Taco Fleur

PS. There are many sites out there that do not know about this, I used to work for a 
company called RP Data who I told about this problem, but they don't care (or did not 
believe me). You can completely take over servers with this hole... 
www.massiveauctions.com is another one with the hole, I also told them but they don't 
care! Funny, people are playing with other people's personal information and they just 
don't care....

> Hi all,
> 
> I ran into a big problem this morning when I found out that all the data
> from my table were somehow deleted.  I wanted to make sure that it wasn't my
> code so I did an extended search for "delete from tablename" and "delete
> tablename" in my code and I'm positive that there is only one instance that
> I do a delete from this table.  I had this happen a long while ago to the
> same exact table.  Here is my delete page, any ideas on how this could've
> happened would be greatly appreciated.
> 
> 
> <CFQUERY NAME="getTenantCoding" DATASOURCE="#rentDSN#">
> SELECT CItem
> FROM CodeOfUnits
> WHERE CItem=#CItem# AND UnitNo='#UnitNo#'
> </CFQUERY>
> 
> <CFIF getTenantCoding.recordCount GT "1">
> 
> <CFQUERY NAME="deleteTenatCoding" DATASOURCE="#rentDSN#">
> DELETE CodeOfUnits
> WHERE UnitNo='#UnitNo#' AND CItem=#CItem#
> </CFQUERY>
> 
> <CFSET notice="Tenant info has successfully been deleted!">
> 
> <CFELSE>
> 
> <CFQUERY NAME="deleteTenatCoding" DATASOURCE="#rentDSN#">
> DELETE CodeOfUnits
> WHERE UnitNo='#UnitNo#' AND CItem=#CItem#
> </CFQUERY>
> 
> <CFQUERY NAME="deleteTenant" DATASOURCE="#rentDSN#">
> DELETE Tenant
> WHERE CImproveNo=#caseNo# AND UnitNo='#UnitNo#'
> </CFQUERY>
> 
> <CFSET notice="Tenant info has successfully been deleted!">
> 
> </CFIF>
> 
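
Added example, not part of the original thread: a Python sketch of the log search suggested in the reply, for access logs in common/combined format. It URL-decodes each query string before matching and checks a few SQL keywords beyond DELETE; the page name deleteTenant.cfm, the IP addresses and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Common/combined log format: client IP first, request line in double quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*"')
# Heuristic keyword list; expect false positives (e.g. action=update) and review hits by hand.
SQL_RE = re.compile(r'\b(delete|drop|truncate|update|insert)\b', re.IGNORECASE)

def decode(value, rounds=3):
    """Undo URL encoding, repeated a few times so double encoding is also unwrapped."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (ip, timestamp, decoded query) for requests whose query string carries SQL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or '?' not in m['target']:
            continue
        # Only the query string is searched, so a page named delete*.cfm is not a hit.
        query = decode(m['target'].split('?', 1)[1])
        if SQL_RE.search(query):
            hits.append((m['ip'], m['ts'], query))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical page names).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:09:14:02 +0000] '
    '"GET /deleteTenant.cfm?CItem=3&UnitNo=4A HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2024:09:15:40 +0000] '
    '"GET /deleteTenant.cfm?CItem=3%3BdElEtE%20CodeOfUnits&UnitNo=4A HTTP/1.1" 200 498',
    '198.51.100.7 - - [12/Mar/2024:09:16:11 +0000] '
    '"GET /delete_confirm.cfm?CItem=5 HTTP/1.1" 200 130',
]

if __name__ == '__main__':
    for ip, ts, query in suspicious_requests(SAMPLE_LOG):
        print(ip, ts, query)
```

A plain case-sensitive search for DELETE would miss the second line and a case-insensitive one would flag the harmless first and third lines, which is why the query string is decoded and matched on its own.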