> Hi all, > Does anybody recognize this URL string pattern > (%C2%A0%C2%A0It) as a > security exploit? For example:
> http://www.mywebsite.com/form.cfm?ID=89%C2%A0%C2%A0It > It produces the following error in CF: > Incorrect syntax near 'Â'. > SQL = "select * from DbName > where (ID = 89Â Â It)" > I've received a few of these in the past 24 hours, all > from Inktomi's IP > block. A Google search turns up nothing useful. > Any ideas? <cfqueryparam> 89A isn't a number and therefore requires quotes, but better the value should be explicitly cast as whatever data type the ID column is. And if you have time add a cferror template or sitewide error handler to the application/server and check the input values on the page to provide a friendlier "this isn't valid" message. I wouldn't expect it to be an "exploit", just somebody (maybe a robot) trying random junk to see what info they can get on your server. s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.fusiontap.com http://coldfusion.sys-con.com/author/4806Dealey.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207540 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54