"One of my favorites is the use of the SQL Server system stored procedure xp_cmdshell to open a command shell, which can be used to fetch a file from an attacker's FTP server and run it."
I always knew Dave was a cracker (not hacker!) extraordinaire :-) --- Billy Cravens ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists