Re: SQL injection attack on House of Fusion

Sat, 09 Aug 2008 05:53:08 -0700 

Depending on your default directory settings in httpd.conf, you may  
need to add the following directory attributes as well to your site to  
allow mod_rewrite to operate:

#Allow mod rewrite on this directory
<Directory /srv/www/htdocs/mysite>
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
</Directory>

Also, you can use pipe delimiters in the RewriteCond to add additional  
SQL statements you might want to watch for (The syntax I'm seeing is  
mostly MSSQL specific, but that could change):

#Add the following if the site isn't using mod_rewrite yet
RewriteEngine on
#SQL Injection Redirects
RewriteCond %{QUERY_STRING} .*DECLARE.*|.*NVARCHAR.*|.*EXEC\ 
(@.*|.*TRUNCATE TABLE.*|.*INSERT INTO.*
RewriteRule ^(.*)$ /violation.htm [NC,L]

HTH,

Jon

On Aug 9, 2008, at 7:32 AM, Matt Williams wrote:

> On Fri, Aug 8, 2008 at 11:12 PM, Raymond Camden <[EMAIL PROTECTED]>  
> wrote:
>> Hmm. I'm having no luck with this. I'm trying it on a blogcfc site,  
>> so
>> it's being added after /...., so I also added path_info
>>
>> RewriteEngine on
>> RewriteCond %{QUERY_STRING} .*DECLARE.* [NC]
>> RewriteRule ^(.*)$  /violation.htm
>> RewriteCond %{PATH_INFO} .*DECLARE.* [NC]
>> RewriteRule ^(.*)$  /violation.htm
>>
>> And it's not picking up when it sees declare in the url.
>
>
> Here's what I have within my <VirturalHost> block:
>
> RewriteEngine On
> RewriteOptions Inherit
> RewriteCond %{QUERY_STRING} .*DECLARE.* [NC]
> RewriteRule ^(.*)$  /violation.htm [nc,L]
>
> Also, uncomment the
> LoadModule rewrite_module modules/mod_rewrite.so
>
> And make sure you restarted Apache for changes to take effect. With
> that I can do this and get redirected:
> http://myDomain/?foo=declare
> http://myDomain/?declare
>
>
> -- 
> Matt Williams
> "It's the question that drives us."
>
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310606
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Reply via email to