The hacker's hope is that you will be outputting one of those varchar fields into a webpage without escaping HTML characters. The extra text being inserted into the database fields will include a malicious JavaScript file from another server into the webpage. I haven't looked at the JS to see what it does, but it probably tries to load some Trojan via an active X applet or something.
To clean your database, I would recommend reverse-engineering the attack to loop over your database columns and remove the text they placed in there. In the mean time, shut your site down so you don't infect your customers. ~Brad -----Original Message----- From: Wayne Janeck [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 1:43 PM To: CF-Talk Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head... We had the same hack on our site, did you guys figure out exactly what happened or how and where the sql was ran? or what the hackers purpose was? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309366 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
