On the SQL injection subject, here's something I add in all my projects. I usually use this snippet of code to intercept at the top level. It helps.
<cffunction name="isSQLInjection" access="public" hint="Checks to see if there is a possible SQL Injection attempt">
    <cfscript>
        // Look at the raw (undecoded) query string for the signatures seen in
        // the recent attacks, or for an unusually long query string (700+ chars).
        // "EXEC%" catches EXEC followed by a percent-encoded "(" in the raw string.
        if ( isdefined("cgi.query_string") and (
                findnocase("DECLARE", cgi.query_string) or
                findnocase("CAST(",   cgi.query_string) or
                findnocase("EXEC(",   cgi.query_string) or
                findnocase("EXEC%",   cgi.query_string) or
                len(cgi.query_string) gte 700 ) )
            return true;
        else
            return false;
    </cfscript>
</cffunction>

> -----Original Message-----
> From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> Sent: Friday, January 15, 2010 2:44 PM
> To: cf-talk
> Subject: RE: Recent SQL Injection attacks
>
>
> For ColdFusion, I use FusionReactor. I look at the request history,
> and you see the templates that were recently called with the url
> parameters. When an attack is in progress, you see a lot of them
> with big url parameters. Easy to see at a glance. Best part is then
> you can view the sql queries that ran and how many rows were
> affected! I can verify that they don't get through to the real
> database - just the query logging the attempt in my HACK database!

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329712
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
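As an added example (not code from this thread or from FusionReactor), here is a Python port of the isSQLInjection() heuristic above, run over a few constructed Apache-style access log lines in the spirit of the request-history view the quoted reply describes. It assumes that log format and adds one step the original does not have: matching the URL-decoded query string as well as the raw one. cgi.query_string is the raw string, so a percent-encoded keyword would otherwise pass the findnocase checks; decode=False reproduces the original behaviour exactly, and the sample log shows the difference.

```python
import re
from urllib.parse import unquote_plus

# The four substrings and the length threshold from the cf-talk snippet.
SIGNATURES = ("DECLARE", "CAST(", "EXEC(", "EXEC%")
MAX_QUERY_LEN = 700


def is_sql_injection(query_string, decode=True):
    """Port of the CFML isSQLInjection() heuristic.

    True when the raw query string is 700+ characters or contains one of the
    signatures (case-insensitive), exactly as the original does.  With
    decode=True the URL-decoded form is matched as well; that step is an
    addition made here, since the original only inspects the raw string and
    a percent-encoded keyword would otherwise pass the substring checks.
    """
    if len(query_string) >= MAX_QUERY_LEN:
        return True
    texts = [query_string.upper()]
    if decode:
        texts.append(unquote_plus(query_string).upper())
    return any(sig in text for text in texts for sig in SIGNATURES)


# Assumed log format: Apache combined, request line in double quotes.
_REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<url>\S+) HTTP/')


def scan_log(lines, decode=True):
    """Run the heuristic over access log lines.

    Returns one (template, query_string, flagged) tuple per parsable line:
    the same at-a-glance list of recently called templates and their URL
    parameters that the quoted reply describes.
    """
    results = []
    for line in lines:
        m = _REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we understand; skip it
        template, _, query = m.group("url").partition("?")
        results.append((template, query, is_sql_injection(query, decode)))
    return results


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Jan/2010:14:44:01 -0500] "GET /products.cfm?id=42&sort=name HTTP/1.1" 200 5120',
    '10.0.0.5 - - [15/Jan/2010:14:44:02 -0500] "GET /products.cfm?id=42;DECLARE+@x+int HTTP/1.1" 200 5120',
    # Same keyword, percent-encoded: invisible to the raw-string check.
    '10.0.0.5 - - [15/Jan/2010:14:44:03 -0500] "GET /products.cfm?id=42%3B%44%45%43%4C%41%52%45 HTTP/1.1" 200 5120',
    # "EXEC%" catches EXEC followed by an encoded "(" even without decoding.
    '10.0.0.5 - - [15/Jan/2010:14:44:04 -0500] "GET /products.cfm?id=1;EXEC%28x%29 HTTP/1.1" 200 5120',
    # Oversized parameter: tripped by the 700-character threshold alone.
    '10.0.0.5 - - [15/Jan/2010:14:44:05 -0500] "GET /search.cfm?q=' + "a" * 700 + ' HTTP/1.1" 200 5120',
]


if __name__ == "__main__":
    for template, query, flagged in scan_log(SAMPLE_LOG):
        print("FLAG" if flagged else "ok  ", template, query[:40])
    # Raw-only matching (the original behaviour) misses the encoded line.
    print([f for _, _, f in scan_log(SAMPLE_LOG, decode=False)])
```

Run as a script it prints one line per log entry; the decode=False pass at the end shows the third entry going unflagged, which is the gap the decoding step closes. The substring list and the 700-character cut-off are kept verbatim from the snippet, so the port inherits its nature as a coarse early-warning filter rather than a replacement for parameterised queries (cfqueryparam).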