>Don't forget to check things like "order by" variables.
>
>http://www.coldfusionmuse.com/index.cfm/2008/7/21/SQL-injection-using-order-by
>
>Also, with regard to application.cfm: make sure every page is running that
>file. For example, do you have "includes" that might not be intended to be
>run as URLs? Or do you have subdirectories that run cfm files that have
>their OWN application.cfm or application.cfc file?
>
>-mark
>
> 
>
>
>Mark A. Kruger, CFG, MCSE
>(402) 408-3733 ext 105
>www.cfwebtools.com
>www.coldfusionmuse.com
>www.necfug.com
>
>
>> I'm no security expert, but from what I understood all the inline
>> queries and input variables not being sanitized caused the SQL
>> injections. That has been cleaned up. What else can it be?
>
>http://www.owasp.org/index.php/Top_10_2007 etc.
>
>--
>Tom Chiverton
>Helping to confidentially supply architectures
>
>
>
>****************************************************
>
>This email is sent for and on behalf of Halliwells LLP.
>
>Halliwells LLP is a limited liability partnership registered in England and
>Wales under registered number OC307980 whose registered office address is at
>Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB.  A
>list of members is available for inspection at the registered office. Any
>reference to a partner in relation to Halliwells LLP means a member of
>Halliwells LLP.  Regulated by The Solicitors Regulation Authority.
>
>CONFIDENTIALITY
>
>This email is intended only for the use of the addressee named above and may
>be confidential or legally privileged.  If you are not the addressee you
>must not read it and must not use any information contained in nor copy it
>nor inform any person other than Halliwells LLP or the addressee of its
>existence or contents.  If you have received this email in error please
>delete it and notify Halliwells LLP IT Department on 0870 365 2500.
>
>For more information about Halliwells LLP visit www.halliwells.com. 
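
As an added illustration of the "order by" point raised above (this is not code from the thread or from the linked article): cfqueryparam only binds values, so a sort column taken from the URL cannot be bound and has to be mapped through a fixed allow-list before it is interpolated into the query. The datasource, table and column names are assumed.

```cfml
<!--- Constructed example: allow-list for a user-supplied sort column.
      The raw url.sort string never reaches the SQL text; only a column
      name chosen from this struct does. Datasource/table names are assumed. --->
<cfset sortColumns = structNew()>
<cfset sortColumns["name"]    = "last_name">
<cfset sortColumns["created"] = "created_at">
<cfset sortColumns["email"]   = "email">

<cfparam name="url.sort"   default="name">
<cfparam name="url.dir"    default="asc">
<cfparam name="url.status" default="active">

<!--- Anything not in the map falls back to the default key --->
<cfif NOT structKeyExists(sortColumns, url.sort)>
    <cfset url.sort = "name">
</cfif>
<cfset orderCol = sortColumns[url.sort]>

<!--- Direction is likewise reduced to one of two fixed literals --->
<cfif url.dir EQ "desc">
    <cfset orderDir = "DESC">
<cfelse>
    <cfset orderDir = "ASC">
</cfif>

<cfquery name="members" datasource="myDsn">
    SELECT id, last_name, email, created_at
    FROM   members
    WHERE  status = <cfqueryparam value="#url.status#" cfsqltype="cf_sql_varchar">
    ORDER BY #orderCol# #orderDir#
</cfquery>
```

The WHERE value is bound with cfqueryparam as usual; the ORDER BY identifiers are safe only because they come from the allow-list, not from the request.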

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:313710