It is actually very difficult to change an application's rendered output, like in the case of obtaining version information. It is much easier to inject comparisons and see if the template continues to execute, and that would verify their inquiry. You are right, an attacker that is just blanket attacking like that probably will see 403 errors and ignore it, but that is also why they hit a site everywhere they can, because that injection will only work in specific conditions they hope you might have somewhere in your application.

On Fri, Nov 18, 2011 at 11:33 AM, <> wrote:
>
> >>If your site returned what they wanted, in this case SQL server version information
>
> Ok, I see. In my case, I doubt the 403 error they get in return will help
> them a lot ;-)

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:348824
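
Added example, not part of the thread above: a log check for the pattern the reply describes, where one source injects comparisons across many pages and most are refused with 403. The log layout, addresses, paths and the `probing_sources` helper are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (client, request, status); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 "GET /news.cfm?id=12%20AND%201%3D1 HTTP/1.1" 403
203.0.113.7 "GET /news.cfm?id=12%20AND%201%3D2 HTTP/1.1" 403
203.0.113.7 "GET /product.cfm?pid=5+and+@@version%3E0 HTTP/1.1" 403
203.0.113.7 "GET /search.cfm?q=x'%20OR%20'a'%3D'a HTTP/1.1" 200
198.51.100.4 "GET /news.cfm?id=12 HTTP/1.1" 200
198.51.100.4 "GET /search.cfm?q=salt+and+pepper HTTP/1.1" 200
"""

LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})$')
# A comparison appended after AND/OR, or a request for SQL Server's @@version.
PROBE = re.compile(
    r"""\b(?:and|or)\b\s+(?:'[^']*'|\d+)\s*(?:=|<>|<|>)\s*(?:'[^']*|\d+)"""
    r"""|@@version""", re.IGNORECASE)


def probing_sources(log_text, min_paths=2):
    """Map each probing client to the paths it probed and the probes not answered 403."""
    hits = defaultdict(lambda: {"paths": set(), "allowed": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        client, target, status = m.groups()
        parts = urlsplit(target)
        # Decode first so %20AND%201%3D1 is matched as " AND 1=1".
        if PROBE.search(unquote_plus(parts.query)):
            hits[client]["paths"].add(parts.path)
            if status != "403":
                hits[client]["allowed"].append(target)
    # Keep only clients that sprayed probes over several different pages.
    return {c: {"paths": sorted(h["paths"]), "allowed": h["allowed"]}
            for c, h in hits.items() if len(h["paths"]) >= min_paths}


if __name__ == "__main__":
    for client, info in probing_sources(SAMPLE_LOG).items():
        print(client, "probed", info["paths"], "not blocked:", info["allowed"])
```

The `allowed` list is the part to review first: those are the pages where the injected comparison was not refused, so the query behind them needs checking.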