On Mon, May 2, 2011 at 11:48 AM, Mike Kear wrote:
> Thankfully I'd heeded good advice and
> used <cfqueryparam on all the queries in that site and nothing they
> tried worked. They were submitting urls with parameters like :
> /index.cfm?pid=111825&pgm=../../../../../../../../../../proc/self/environ&guestprogID=2
> and many many variations.

That is not an attempt at SQL injection at all. That is an attempt to test for a Linux vulnerability: http://lwn.net/Articles/191954/

Considering how long ago that vulnerability was fixed this was most likely a generic scan, not something tailored to ColdFusion or your sites.

Jochem

--
Jochem van Dieten
http://jochem.vandieten.net/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344209
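
An added example, not part of the original thread: a log-triage check that flags requests like the one quoted above as file-path probes by decoding each query parameter and resolving it as a path. The function names, the `SENSITIVE_TARGETS` watch list and all sample requests except the first are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed watch list of files that generic scans ask for; extend as needed.
SENSITIVE_TARGETS = ("/proc/self/environ", "/etc/passwd")

# Constructed sample requests; the first is the URL quoted in the thread.
SAMPLE_REQUESTS = [
    "/index.cfm?pid=111825&pgm=../../../../../../../../../../proc/self/environ&guestprogID=2",
    "/index.cfm?pid=111825&pgm=%252e%252e%252fproc%252fself%252fenviron",
    "/index.cfm?pid=111825&pgm=..\\includes\\header.cfm",
    "/index.cfm?pid=111825&pgm=schedule&guestprogID=2",
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .), bounded by max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_findings(url):
    """Return [(param, resolved_path)] for query values containing ../ segments."""
    findings = []
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = fully_decode(raw).replace("\\", "/")
        if "../" not in value:
            continue
        # Resolve from "/" so leading ../ segments collapse at the root.
        findings.append((name, posixpath.normpath("/" + value.lstrip("/"))))
    return findings

def classify(url):
    """Label a request: no-traversal, traversal, or file-inclusion-probe."""
    hits = traversal_findings(url)
    if not hits:
        return "no-traversal"
    if any(path in SENSITIVE_TARGETS for _, path in hits):
        return "file-inclusion-probe"
    return "traversal"

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(classify(request), traversal_findings(request))
```

Labelling hits this way keeps generic file-path scans out of the SQL injection bucket when reviewing logs.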