Mark's right. If you have the SQL injection code, you can essentially reverse engineer it and use it as a blueprint to fix the problems.
andy -----Original Message----- From: Mosh Teitelbaum [mailto:mosh.teitelb...@evoch.com] Sent: Wednesday, October 21, 2009 2:10 PM To: cf-talk Subject: After the fact: SQL Injection Scanner All: A client called today letting me know that their server had been breached and that some malicious code had been uploaded to the site. After doing some research into the particular files that were uploaded, it turns out that the attack is also usually accompanied by a SQL Injection attack. Their database is huge and, instead of manually going through the database looking for altered records, I thought to write some code that would scan the records and report any potential problems. Before doing that, does anyone know of any existing code that does that? Thanks in advance. -- Mosh Teitelbaum evoch, LLC Tel: (301) 942-5378 Fax: (301) 933-3651 WWW: http://www.evoch.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327465 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
