Just an FYI to everyone else: I've been at my current post for 3 years,
and we've had pro-active error monitoring (versus reactive "hey, my
site doesn't work") now for close to 2 years.

Just in the recent weeks we started seeing basic SQL injection hacks
on sites we host. We never saw anything like this till recently, so be
on your toes.

Like others have mentioned, using CFQueryParam and stored procedures
can help. Also, putting the stuff into CFCs and forcing incoming vars
to be typed helps as well (with everything except strings, of course).

If you are looking for preventive stuff on top of those already
mentioned, you can look into the CF firewalls which are starting to
spring up. There are also those who have made some really cool
stuff to help watch for this. I think Shawn Gorrell has some code (he
mentioned it at a recent ACFUG meeting); you might reach out to him,
http://www.illumineti.com/blog/, if he doesn't notice this thread.

jonese
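An added illustration of the advice above (not code from anyone in this thread), assuming a hypothetical `products` table with an integer `ProdID` column and a datasource named `mydsn`: the first Details.cfm query interpolates the URL value straight into the SQL, the second binds it with cfqueryparam typed as CF_SQL_INTEGER, and the third moves the same query into a CFC with a typed argument. The "Invalid data ... for CFSQLTYPE CF_SQL_INTEGER" message Rick quoted is what the second form raises when a non-integer value arrives, so that request was refused before it reached the database.

```cfml
<!--- Details.cfm, vulnerable form: the raw URL value becomes part of the
      SQL text, so anything appended to ProdID is run by the database. --->
<cfquery name="getProduct" datasource="mydsn">
    SELECT name, price FROM products
    WHERE ProdID = #URL.ProdID#
</cfquery>

<!--- Details.cfm, hardened form: cfparam rejects a non-integer value at
      the top of the page, and cfqueryparam sends the value as a bound
      integer parameter rather than as SQL text. A value like
      "1 and 1=convert(...)" fails the CF_SQL_INTEGER check with the
      "Invalid data" error seen in the thread and never reaches the DB. --->
<cfparam name="URL.ProdID" type="integer">
<cfquery name="getProduct" datasource="mydsn">
    SELECT name, price FROM products
    WHERE ProdID = <cfqueryparam value="#URL.ProdID#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- ProductService.cfc (separate file): the typed argument refuses
      non-numeric input before the query is built, and the query still
      parameterises the value, so both layers have to be bypassed. --->
<cfcomponent>
    <cffunction name="getProduct" access="public" returntype="query">
        <cfargument name="prodID" type="numeric" required="true">
        <cfset var getProduct = "">
        <cfquery name="getProduct" datasource="mydsn">
            SELECT name, price FROM products
            WHERE ProdID = <cfqueryparam value="#arguments.prodID#"
                                         cfsqltype="cf_sql_integer">
        </cfquery>
        <cfreturn getProduct>
    </cffunction>
</cfcomponent>
```

The error email Rick received is the parameter check doing its job; logging those validation failures, as his monitoring already does, is a cheap way to spot probing early.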



On 8/6/07, Rey Bango <[EMAIL PROTECTED]> wrote:
> Looks that way.
>
> Rey
>
> Rick King wrote:
> > Hey all,
> >
> > I just received this email that is generated when there is an error on a 
> > site I built (www.woreitonce.com)
> >
> >  -------------------E-MAIL--------------------------------
> > Invalid data 1 and 1=convert(int,(select top 1 char(97)+admin_password from 
> > tbl_adminusers)) for CFSQLTYPE CF_SQL_INTEGER.  <br>The error occurred on 
> > line 30.
> >  Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 
> > Firefox/2.0.0.6
> >  81.10.46.130
> >
> >  /Details.cfm
> >  
> > ProdID=1%20and%201=convert(int,(select%20top%201%20char(97)%2badmin_password%20from%20tbl_adminusers))
> >
> > ---------------------E-MAIL------------------------
> >
> > Is this a SQL injection attack? Anything I can do?
> >
> > Thanks
> > Rick


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285494