Hi Mark, You missed the first part of my post.. they actually look up all of the table names and field names! They don't do it by throwing random errors!
And it replaced all of the text instead of appending. Appending is easier to fix. Luckily nothing of importance is stored in that database and I had daily backups. Had to go back a week to get the uninfected backup This was a really simple website I must have written in Cold fusion version 2 for a friend and haven't touched it in many years. The same attack was tried on my main website but didn't work. At 06:44 PM 4/19/2010, you wrote: >Al, > >These sort of attacks increase and decrease in waves unfortunately. I spent >a few hours fixing a customer server this week myself. Very similar >codewise: > >http://www.coldfusionmuse.com/index.cfm/2010/4/16/SQLi-char-urchin > > >-Mark > >Mark A. Kruger, MCSE, CFG >(402) 408-3733 ext 105 >www.cfwebtools.com >www.coldfusionmuse.com >www.necfug.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333020 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm