Justin, I have to agree with Dave. Every possible client scope needs to be checked - and the form scope seems rudimentary to me. Not checking the form scope is like setting up a firewall and locking down everything except a few dozen ports near the bottom of the stack (after all ... we rarely get attacked from ports 10 through 30 :)
-Mark -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2008 4:43 PM To: CF-Talk Subject: RE: HELP! SQL Injection Attack! > Since nearly all SQL injection attempts come through the URL > (including the recent ones), that is where I put the focus. Nearly all automated SQL injection attempts come through the URL. The ones that, say, compromise peoples' credit card data, they typically come from forms. > With this script I would not recommend checking the form scope as > there is too high a risk of false positives. I've never heard of an > injection attack coming through CGI variables. I suppose it's > possible, but the percentage of queries using CGI scope data is > probably minuscule compared to URL variables. Again, targeted attacks will attempt to use any data that comes from the client. A brief review of the available tools for pen testing will show you that. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310499 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
