Hi list.  Long time lurker -

In the course of investigating a SQL injection attack attempt on our site, I 
came across a strange set of bugs. Using CF9, Linux 64, Apache.

The attacking machine was sending POST requests to random templates containing 
ampersands inside a POST variable (i.e. not properly URL encoded).     I am 
able to simulate the effect of the attack request with this:

<cfhttp url="http://any_site.com/any.cfm" method="POST">
        <cfhttpparam name="userid" encoded="no" value="1064001&quot;" type="formfield">
</cfhttp>

ColdFusion freaks out on seeing this and throws an exception before it even 
gets to the template:

ROOT CAUSE: java.lang.IllegalArgumentException at coldfusion.filter.FormScope.parseQueryString(FormScope.java:355)

HTTP 500 is sent to the user.

That's all fine and well, and if that was the only issue here, then no big 
deal. Unfortunately, at least on Linux (I can't test other platforms), this 
error then proceeds to destabilize the JRun thread the next time a user loads a 
page and touches that worker thread, throwing the error:

09/06 22:41:41 error (JRun Service: ProxyService [jrun.servlet.jrpp.JRunProxyService@75602291]) JRunPRoxyServer.invokeRunnable: java.lang.IllegalStateException

This other user, who had nothing to do with the original attack, gets sent an 
HTTP 503 error message as the thread terminates on them.

What happened is that the attacker on our site sent hundreds/thousands of these 
malformed requests (through some mis-configured bot program), which has 
resulted in disruptions to regular users who are getting 503 errors forced onto 
them.

So, I was curious if anyone else has seen this behavior before, and if so what 
can be done to stop it.   Is there an underlying issue that has been patched 
that I'm not aware of?   I note that there have been similar reports of related 
instability of threads: http://forums.adobe.com/thread/950350 but this seems to 
be a different case.

Thanks for any ideas you may have. 
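
An added example, not part of the original post and not Adobe's code: a strict check of a form-urlencoded POST body that a filter in front of ColdFusion could apply, shown on the body the cfhttp reproduction above would send. It assumes cfhttp transmits the value verbatim with encoded="no"; the function names are hypothetical, and the post does not establish that this exact malformation is what FormScope.parseQueryString rejects.

```python
import re

# Characters allowed unescaped in a strictly encoded form field (RFC 3986
# unreserved set, plus "*" and "+" for space); anything else must be %XX.
_TOKEN = re.compile(r"(?:[A-Za-z0-9._~*+-]|%[0-9A-Fa-f]{2})*\Z")


def check_form_body(body: str) -> list:
    """Return a list of problems found in an x-www-form-urlencoded body."""
    problems = []
    for index, pair in enumerate(body.split("&")):
        if pair == "":
            problems.append(f"pair {index}: empty (stray '&')")
            continue
        name, sep, value = pair.partition("=")
        if not sep:
            problems.append(f"pair {index}: {pair!r} has no '='")
        if not name:
            problems.append(f"pair {index}: empty field name")
        for label, token in (("name", name), ("value", value)):
            if not _TOKEN.match(token):
                problems.append(
                    f"pair {index}: {label} {token!r} has unencoded characters"
                )
    return problems


def should_reject(body: str) -> bool:
    """Policy hook: a front-end filter would answer 400 when this is True."""
    return bool(check_form_body(body))


# Constructed samples. RAW_BODY is the body the cfhttp call in the post would
# produce (assumption: value sent verbatim); ENCODED_BODY is the same value
# with "&" and ";" percent-encoded as a well-behaved client would send it.
RAW_BODY = "userid=1064001&quot;"
ENCODED_BODY = "userid=1064001%26quot%3B"

if __name__ == "__main__":
    for body in (RAW_BODY, ENCODED_BODY):
        print(body, "->", check_form_body(body) or "ok")
```

The raw ampersand splits the body into a second pair, `quot;`, which has no `=` and carries an unencoded `;`, so the check flags it while the encoded form passes.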

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352450