Gabriel, nice job on this. Looks like it works rather splendidly.
-Mark

Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-----Original Message-----
From: Gabriel [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 27, 2008 7:05 PM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... To Ben Forta

To anyone who happened to use the regex I posted earlier, I have an updated method to be used in its place, effective immediately.

// Short list of db objects to protect
DBObj.short = 'database|function|procedure|role|table|trigger|user|view';

// Sql Threat Indicators
// Every alternative is lowercase, because the value is lcase()'d before it is scanned
// (a mixed-case token such as sysObjects would otherwise never match).
// Each alternative ends with '|' so the next one is a separate branch of the alternation.
blackList = '@@|' &
    '(?:alter.*?(#DBObj.short#))|' &
    'cast.*?\(|' &
    'char.*?\([\w]{2}\)|' &
    '(?:create.*?(#DBObj.short#))|' &
    '(?:declare.*?@|cursor)|' &
    'delete.*?from.*?_|' &
    '(?:drop.*?(#DBObj.short#))|' &
    'exec.*?\(|' &
    'insert.*?values.*?\(+?|' &
    'schema[^\w]+?|' &
    'sysobjects|' &
    'truncate.*?table|' &
    'update.*?set+?|' &
    '[sx]p_[\w_]+?|' &
    '\''.*?-{2}|-{2}.*?\''|' &      // quote followed by a -- comment, or -- followed by a quote
    '/\*.*?\*/';                     // inline /* ... */ comment

// Build the java pattern matcher once and reuse it for every scan
rePattern = createObject('java', 'java.util.regex.Pattern');
rePattern = rePattern.compile(blackList);
reMatcher = rePattern.matcher('');

Then use reMatcher.reset(lcase(var_to_scan)).find() to scan the var.

This will fix a problem in which a long string containing too many back references for non-word chars can cause a stack overflow. As much as I love CF, I find the native regex implementation sadly lacking.

My apologies to anyone already using it; I guess this is what I get for being drawn into posting code I hadn't had a chance to fully test. If anyone has problems with, or enhancements to, the above, please let me know.

Also, thank you to Mary Jo for adding me to the credits. My surname is Read, FYI, in case you still desire to include me.
Regards,
Gabriel Read

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309784
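Gabriel's blacklist ported to Python's re module, as an added example that is not part of the thread, to show on a few constructed inputs what the pattern flags and where it misfires. The alternatives are the ones from the post, joined with | and kept lowercase because the value is lowercased before matching; the sample strings and the helper names sql_threat_match and scan are mine.

```python
import re
from typing import Dict, Optional

# Gabriel's DB object list, then the blacklist alternation from the post as one
# Python raw pattern. Everything is lowercase: the value is lowercased before scanning.
DB_OBJ_SHORT = "database|function|procedure|role|table|trigger|user|view"
BLACKLIST = "|".join([
    r"@@",
    rf"(?:alter.*?(?:{DB_OBJ_SHORT}))",
    r"cast.*?\(",
    r"char.*?\([\w]{2}\)",
    rf"(?:create.*?(?:{DB_OBJ_SHORT}))",
    r"(?:declare.*?@|cursor)",
    r"delete.*?from.*?_",
    rf"(?:drop.*?(?:{DB_OBJ_SHORT}))",
    r"exec.*?\(",
    r"insert.*?values.*?\(+?",
    r"schema[^\w]+?",
    r"sysobjects",
    r"truncate.*?table",
    r"update.*?set+?",
    r"[sx]p_[\w_]+?",
    r"'.*?-{2}|-{2}.*?'",
    r"/\*.*?\*/",
])
THREAT_RE = re.compile(BLACKLIST)  # compiled once and reused, like the Java Pattern in the post

def sql_threat_match(value: str) -> Optional[str]:
    """Return the fragment that tripped the blacklist, or None.
    Mirrors reMatcher.reset(lcase(var_to_scan)).find(), but also reports what matched."""
    m = THREAT_RE.search(value.lower())
    return m.group(0) if m else None

# Constructed sample inputs (not from the thread): two textbook injection shapes,
# two harmless sentences that still trip the filter, and one clean value.
SAMPLES = {
    "x'; drop table users--": True,
    "1 union select name from sysobjects": True,
    "please update the set list": True,   # false positive on update ... set
    "the cast of the film (2008)": True,  # false positive on cast ... (
    "hello world": False,
}

def scan(values=SAMPLES) -> Dict[str, Optional[str]]:
    """Scan each value; True/False in SAMPLES is the expected block decision."""
    return {v: sql_threat_match(v) for v in values}
```

The two false positives are the usual cost of a keyword blacklist: it is a screening layer worth logging on, not a replacement for parameterised queries.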

