If the injection was the one that went around a few months ago - check out this post
http://www.coldfusionmuse.com/index.cfm/2008/7/18/Injection-Using-CAST-And-ASCII

There is a "reverse" stored procedure that can undo the damage down in the comments. Be sure and read the post and comments (and related posts) - otherwise you will fight this over again until you get it right :)

-Mark

Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-----Original Message-----
From: Mosh Teitelbaum [mailto:mosh.teitelb...@evoch.com]
Sent: Wednesday, October 21, 2009 2:10 PM
To: cf-talk
Subject: After the fact: SQL Injection Scanner

All:

A client called today letting me know that their server had been breached and that some malicious code had been uploaded to the site. After doing some research into the particular files that were uploaded, it turns out that the attack is also usually accompanied by a SQL Injection attack.

Their database is huge and, instead of manually going through the database looking for altered records, I thought to write some code that would scan the records and report any potential problems. Before doing that, does anyone know of any existing code that does that?

Thanks in advance.

--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
WWW: http://www.evoch.com/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327461
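One way to write the record scanner asked about in the original message, as an added example that is not code from this thread or from the linked post. It uses an in-memory SQLite database as a stand-in for the client's database and assumes the altered records carry HTML markup such as script or iframe tags; the table names, sample rows and indicator pattern are all constructed for illustration.

```python
import re
import sqlite3

# Assumed indicators: markup that should not appear in plain-text columns.
SUSPICIOUS = re.compile(r"<\s*(script|iframe)\b|javascript:", re.IGNORECASE)

def text_columns(conn):
    """Yield (table, column) for every text-typed column in the schema."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        rows = conn.execute(f'PRAGMA table_info("{table}")').fetchall()
        for _cid, col, ctype, *_rest in rows:
            if any(t in ctype.upper() for t in ("CHAR", "TEXT", "CLOB")):
                yield table, col

def scan(conn):
    """Return (table, column, rowid, snippet) for each suspicious value."""
    findings = []
    for table, col in text_columns(conn):
        query = f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL'
        for rowid, value in conn.execute(query):
            text = str(value)
            m = SUSPICIOUS.search(text)
            if m:
                # Keep a short excerpt around the match for the report.
                start = max(m.start() - 10, 0)
                findings.append((table, col, rowid, text[start:m.end() + 30]))
    return findings

def build_sample():
    """Constructed sample data: clean rows plus two altered rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name VARCHAR(100),
                               descr TEXT, price REAL);
        CREATE TABLE news (id INTEGER PRIMARY KEY, title NVARCHAR(200));
    """)
    conn.executemany("INSERT INTO products VALUES (?,?,?,?)", [
        (1, "Widget", "A plain description", 9.99),
        (2, "Gadget<script src=http://example.invalid/x.js></script>", "ok", 4.5),
    ])
    conn.executemany("INSERT INTO news VALUES (?,?)", [
        (1, "Launch day"), (2, 'Sale <IFRAME src="http://example.invalid/">')])
    return conn

if __name__ == "__main__":
    for hit in scan(build_sample()):
        print(hit)
```

The scan only reports rows; review the findings before changing any data, since legitimate content can contain markup too.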