While this is possible via xp_cmdshell (MS SQL Server), it is unlikely since the majority of SQLi attacks affect your data and MD stated that the actual .cfm files themselves had the text inserted.
~Brad -------- Original Message -------- Subject: RE: HoF invaded From: "Paul Vernon" <paul.ver...@web-architect.co.uk> I suspect you have a query vulnerable to SQL injection. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:326325 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4