Railo US tour

2008-07-21 Thread Gert Franz
Hi all, we would like to invite you all to attend one of our presentations at one of the CFUG's we are visiting. If you like, you can check our website or blog for details: http://www.railo-technologies.com/en/index.cfm?treeID=364 http://www.railo.ch/blog/index.cfm/2008/7/21/US-Tour-is-next If

CreateObject error on new server

2008-07-21 Thread Dave Phelan
In our application we have a cfc that we instantiate to a variable in certain instances. This has always worked without issue until we got our new server. On the new server, when I call the CreateObject method, it produces the error: The filename, directory name, or volume label syntax is

RE: CreateObject error on new server

2008-07-21 Thread Dave Watts
In our application we have a cfc that we instantiate to a variable in certain instances. This has always worked without issue until we got our new server. On the new server, when I call the CreateObject method, it produces the error: The filename, directory name, or volume label syntax

RE: CreateObject error on new server

2008-07-21 Thread Dave Phelan
I changed it to the dot notation but still got the same error. We have a map to the root and the xyz/lts directory is directly below the root. Please note my new email address. David Phelan Senior CF Developer LifePoint Informatics (Formerly Labtest.com) (201) 447-9991 Ext. 318 [EMAIL

RE: CreateObject error on new server

2008-07-21 Thread Andrew Tyrone
I changed it to the dot notation but still got the same error. We have a map to the root and the xyz/lts directory is directly below the root. I had a problem like this a long time ago. Deleting and re-creating the mapping solved it.

(ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Che Vilnonis
Just was looking at a 'user monitor' page on one of my sites and I saw the url string below being called. I've seen several sql injection urls before, but what the heck are they trying to accomplish here? Everything is cfqueryparam'ed. Thanks, Che /rss.cfm?';DECLARE @S CHAR(4000);SET

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Mark Kruger
This is a popular and very malicious SQL injection attack that is making the rounds: http://www.coldfusionmuse.com/index.cfm/2008/7/18/Injection-Using-CAST-And-ASCII -Mark Mark A. Kruger, CFG, MCSE (402) 408-3733 ext 105 www.cfwebtools.com www.coldfusionmuse.com www.necfug.com

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Gerald Guido
This is some sort of encoding... Like Bin Hex, Spammers use it to obscure urls and such. Computers read it just fine. If you look around on the internets you can find a decoder to render it to human readable form. You just need to figure out what sort of encoding they are using On Mon, Jul 21,

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
Read this: http://www.coldfusionmuse.com/index.cfm/2008/7/18/Injection-Using-CAST-And-ASCII ~Brad -Original Message- From: Che Vilnonis [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 9:55 AM To: CF-Talk Subject: (ot) URL Hack Attempt Leaves Me Scractching My Head... Just was

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
Why bother looking around the internet? Use your SQL server to decode it! Simply change the exec to a print statement. Very important! :) ~Brad -Original Message- From: Gerald Guido [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 9:59 AM To: CF-Talk Subject: Re: (ot) URL Hack

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Gerald Guido
Why bother looking around the internet? Use your SQL server to decode it! Huh... Learn sumptin new every day. That is why I keep coming back here. ;) Thanx Brad. ~G~ On Mon, Jul 21, 2008 at 11:06 AM, Brad Wood [EMAIL PROTECTED] wrote: Why bother looking around the internet? Use your SQL

RE: CreateObject error on new server

2008-07-21 Thread Dave Phelan
That did it! Thanks Very Much! Please note my new email address. David Phelan Senior CF Developer LifePoint Informatics (Formerly Labtest.com) (201) 447-9991 Ext. 318 [EMAIL PROTECTED] -Original Message- From: Andrew Tyrone [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Che Vilnonis
Tried printing the code in SQL Analyzer and got nothing. Can anyone translate it to text? Not sure what I am missing. /rss.cfm?';DECLARE @S CHAR(4000);SET @S=CAST(0x4445434C415245204054207661726368617228323535292C404320766172636861

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Dave Francis
Can we please stop distributing this script ;) -Original Message- From: Che Vilnonis [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 11:32 AM To: CF-Talk Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... Tried printing the code in SQL Analyzer and got nothing.

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Che Vilnonis
Good point. My bad... -Original Message- From: Dave Francis [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 11:39 AM To: CF-Talk Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... Can we please stop distributing this script ;) -Original Message- From:

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
Works great for me. You have to remove the extra line breaks though. Here is what it does: DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name, b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or

Problems with switching from application.cfm to application.cfc

2008-07-21 Thread Richard Steele
We are now using CF8 and want to take advantage of features in application.cfc. In particular we want to take advantage of the missing template handler of CF8 application.cfc. However, in our current application.cfm file we had defined 20 or so variables that were not scoped (eg.

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
I appreciate your concern, but I'm pretty certain the bad people out there wanting to use this already know how to do it if they haven't already. One doesn't have to be too creative to come up with unique ways of screwing with databases. Drop database foo Crap, I just let another one slip.

Instantiated CFC behaving incorrectly in IE7 Safari, but works in Firefox

2008-07-21 Thread Russ Shakespear
I've got a simple component that I'm instantiating to maintain a persistent variable. Basically, the CFC checks for new entries in a table, and if there are any, sets this variable to be the last entry's id. The next time the CFC is called, it will check for new entries using this variable as

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Che Vilnonis
Yep, read the post. Must have been the line breaks that messed things up. -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 11:42 AM To: CF-Talk Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... Works great for me. You have to

RE: Instantiated CFC behaving incorrectly in IE7 Safari, but works in Firefox

2008-07-21 Thread Dave Watts
I've got a simple component that I'm instantiating to maintain a persistent variable. Basically, the CFC checks for new entries in a table, and if there are any, sets this variable to be the last entry's id. The next time the CFC is called, it will check for new entries using this

RE: Problems with switching from application.cfm to application.cfc

2008-07-21 Thread Dave Watts
However, in our current application.cfm file we had defined 20 or so variables that were not scoped (eg. xcachepath=/cache. In application.cfc, these variables evidently need to be scoped (eg. request.xcachepath=/cache. This is a huge website and the thought of searching and replacing

RE: Problems with switching from application.cfm to application.cfc

2008-07-21 Thread Adrian Lynch
What happens if you create those unscoped vars in onRequest? Adrian -Original Message- From: Richard Steele [mailto:[EMAIL PROTECTED] Sent: 21 July 2008 16:44 To: CF-Talk Subject: Problems with switching from application.cfm to application.cfc We are now using CF8 and want to take

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Gerald Guido
Drop database foo Crap, I just let another one slip. Brace yourself for another wave of attacks... :) Let's not forget what a mess Little Bobby Tables made. http://xkcd.com/327/ -- If everything seems under control, you're not going fast enough -- Mario Andretti

Re: Problems with switching from application.cfm to application.cfc

2008-07-21 Thread Richard Steele
It's as if they don't exist. Variable not found errors abound. What happens if you create those unscoped vars in onRequest? Adrian We are now using CF8 and want to take advantage of features in application.cfc. In particular we want to take advantage of the missing template handler of CF8

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Andy Matthews
Mutha!!! Our company JUST had this happen. We're working through it right now. Thanks for the confirmation guys. Appreciated. -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 10:42 AM To: CF-Talk Subject: RE: (ot) URL Hack Attempt Leaves Me

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Josh Nathanson
I am seeing these too on our site, in errors generated by bad data going into a cfqueryparam. If several people on this list are seeing this attack, it must be pretty widespread. -- Josh - Original Message - From: Che Vilnonis [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com

Re: Instantiated CFC behaving incorrectly in IE7 Safari, but works in Firefox

2008-07-21 Thread Russ Shakespear
I've got a simple component that I'm instantiating to There is nothing in the code you've shown that is browser-specific. So, the problem is somewhere else. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Kris Jones
We're getting hit hard today with this. They're failing, because we use cfqueryparam and cfprocparam. But it is quite annoying. -KJ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the

Re: Experiences with Railo

2008-07-21 Thread Jordan Michaels
H-Sphere was unfortunately bought by the same folks that own Plesk - a company now called Parallels. I would not be surprised if they attempt to move H-Sphere users toward Plesk in the very near future. Parallels was previously SW-Soft - makers of Plesk and Virtuozzo and a whole host of very

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Gerald Guido
We're getting hit hard today with this. /rss.cfm? Is it just rss.cfm? I haven't looked at our logs yet. Where did you see this? The server log files? ~~G~~ On Mon, Jul 21, 2008 at 12:53 PM, Kris Jones [EMAIL PROTECTED] wrote: We're getting hit hard today with this. They're failing, because

Re: Experiences with Railo

2008-07-21 Thread Jordan Michaels
Please accept my apologies. I should not have stated this on a public mailing list. It was an emotional response to past experiences that I should have kept under control. Again, my apologies. Warm regards, Jordan Michaels Vivio Technologies http://www.viviotech.net/ Open BlueDragon Steering

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
Good on ya, mate. If there were an award for using cfqueryparam I would give it to you. Since this seems to be such a hot topic right now, has anyone heard of a CFML code scanner to check for vulnerable cfqueries kind of like the var scoper does? Maybe we should write one to promote security in

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Joshua Cyr
I was just looking into that myself. http://qpscanner.riaforge.org/ On Mon, Jul 21, 2008 at 1:06 PM, Brad Wood [EMAIL PROTECTED] wrote: Good on ya, mate. If there were an award for using cfqueryparam I would give it to you. Since this seems to be such a hot topic right now, has anyone

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Che Vilnonis
+1 Good idea! -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 1:06 PM To: CF-Talk Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... Good on ya, mate. If there were an award for using cfqueryparam I would give it to you. Since

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
Sweet nectar... I'm trying this out and blogging it tonight. If it's pretty easy to run I think we should promote an international check your freakin' cfqueries day! Who wants to buy the party hats and streamers? ~Brad -Original Message- From: Joshua Cyr [mailto:[EMAIL PROTECTED] Sent:

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread james carberry
Just was looking at a 'user monitor' page on one of my sites and I saw the url string below being called. I've seen several sql injection urls before, but what the heck are they trying to accomplish here? Everything is cfqueryparam'ed. Thanks, Che /rss.cfm?';DECLARE @S CHAR(4000);SET

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread james carberry
Even easier than monkeying with every single one of your cfquery's just add the following line to the TOP of all your application.cfm's: <cfif cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains "EXEC(" OR cgi.QUERY_STRING contains "EXEC("><cfabort></cfif> This will immediately shut down execution

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Kris Jones
It'll show in your logs of course. We also have error reports that dump the error info and certain collections and mail it to the dev team. -KJ We're getting hit hard today with this. /rss.cfm? Is it just rss.cfm? I haven't looked at our logs yet. Where did you see this? The server log

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Dave Watts
Even easier than monkeying with every single one of your cfquery's just add the following line to the TOP of all your application.cfm's: <cfif cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains "EXEC(" OR cgi.QUERY_STRING contains "EXEC("><cfabort></cfif> That would stop this specific

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
Band-Aids and duct tape... Filtering for known attacks: moderately useful as a stop gap if you are in the middle of an attack. Holistic approach to seal the original vulnerability against ALL current and future attacks (cfqueryparam): highly desirable. ~Brad -Original Message- From:

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread james carberry
Just put the following line at the TOP of your application.cfm to inoculate your CF webs against this attack: <cfif cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains "EXEC(" OR cgi.QUERY_STRING contains "EXEC("><cfabort></cfif> peace, j Just was looking at a 'user monitor' page on one of my

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Wayne Janeck
We had the same hack on our site, did you guys figure out exactly what happened or how and where the sql was run? or what the hackers' purpose was?

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
The hacker's hope is that you will be outputting one of those varchar fields into a webpage without escaping HTML characters. The extra text being inserted into the database fields will include a malicious JavaScript file from another server into the webpage. I haven't looked at the JS to see

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Dave Watts
The hacker's hope is that you will be outputting one of those varchar fields into a webpage without escaping HTML characters. The extra text being inserted into the database fields will include a malicious JavaScript file from another server into the webpage. I haven't looked at the JS

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Claude Schneegans
If several people on this list are seeing this attack, it must be pretty widespread. Until now, I just check for strings http or user in url.id containing something other than an integer value. I now just added DECLARE in the validation. All my templates expecting id=some numeric start with

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
For what it's worth, the specific URL that was injected in the sample I saw (http://1.verynx.cn/w.js) doesn't seem to work anymore. The server name doesn't resolve. === Yeah, that sucks, I was going to dissect it. It appears that DNS is resolving it to 127.0.0.1. I didn't know you

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Claude Schneegans
For what it's worth, the specific URL that was injected in the sample I saw (http://1.verynx.cn/w.js) doesn't seem to work anymore. The server name doesn't resolve. === Yeah, that sucks, I was going to dissect it. It is broken now, but this morning I was able to see the code.

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Dave Watts
Until now, I just check for strings http or user in url.id containing something other than an integer value. I now just added DECLARE in the validation. All my templates expecting id=some numeric start with this code (included): <CFIF val(id) EQ 0 AND (id CONTAINS "http" OR id CONTAINS

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Mark Kruger
For those of you who have been hit by this attack and who need to try something short of restoring your DB, this script will generate a series of update statements in reverse of the hack that's been going around: --- DECLARE @T varchar(255),

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Andy Matthews
Dave... What other ways are there? I know of two: EXEC and EXECUTE. -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 1:05 PM To: CF-Talk Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... Even easier than monkeying with every

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Andy Matthews
Just an FYI... Our DBA (Ryan Cooper) took this same route and this is what he came up with. Thought I'd share this with the group on his behalf. He notes that you need to run this on each of your databases: -- start CREATE TABLE [dbo].[Infected]( [TableName] [varchar](255) NULL,

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Andy Matthews
I took the time to save out all of the code from the JS file that was inserted. Anyone that would like this code, please contact me off list and I'll be happy to zip it up for you. -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 2:25 PM

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Andy Matthews
We're getting hit with this attack via a wide range of hosted domains, and various files. Sitemap.cfm is a common one at this point. andy -Original Message- From: Gerald Guido [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 12:02 PM To: CF-Talk Subject: Re: (ot) URL Hack Attempt

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Mark Kruger
Brad/Dave, Back when it was working the script did little more than insert a link into the page that sent the user to a targeted links site/page... In other words it was a basic spam traffic generator - at least the ones on our sites. -mark Mark A. Kruger, CFG, MCSE (402) 408-3733 ext 105

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Claude Schneegans
That's fine, until the attack pattern contains something else, like Unicode sequences. Not from the same address though, because it is banned now. And the purpose of my code is not to replace CFQUERYPARAM. It is to add an extra feature that will not only protect the database, but ALSO the

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Mark Kruger
And embedded in his code is one of the other ways of executing SQL - using sp_executeSQL His script is better than mine I think. Mark A. Kruger, CFG, MCSE (402) 408-3733 ext 105 www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -Original Message- From: Andy Matthews

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Claude Schneegans
What other ways are there? I know of two: EXEC and EXECUTE http (http injection) and user (SQL injection) are classics. -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address:

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Andy Matthews
I'm just talking about executing SQL, not SQL injection methods. -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 2:41 PM To: CF-Talk Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head... What other ways are there? I know

cfpod overflow in IE

2008-07-21 Thread Bob Walasek
Good day! I'm having a problem with the cfpod tag in coldfusion 8 - seems to be an issue in IE only. When the pod contents exceed the pod's defined width, Firefox correctly maintains the width of the pod and adds a horizontal scroll bar to the bottom of the pod. IE, on the other hand, displays

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Bryan Stevenson
...and all hackers ALWAYS use the same IP...cause they'd never get caught that way...hehe yes...that was meant to be sarcastic ;-) I see where you're coming from Claude, I just think (as Dave appears to) that you're wasting your time...let CFQUERYPARAM do what it's meant to. Cheers -

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Che Vilnonis
For me, all attempts are focusing on rss.cfm. Another post said they saw sitemap.cfm being hit. Can anyone confirm any other templates that are being hit? Perhaps only 'commonly named' templates are being hit? Che

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
Easy. sp_executesql The point here is, you can spend a lifetime guessing every bad way a hacker can ruin your database. The root cause however is that your input is not bound to a parameter in your SQL statement. Cfqueryparam closes that hole for good. Whether you want to ban people IPs a and

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Jerry Johnson
I have all of the js files open and saved to a text file, fwiw, from this morning. On Mon, Jul 21, 2008 at 3:24 PM, Claude Schneegans [EMAIL PROTECTED] wrote: For what it's worth, the specific URL that was injected in the sample I saw (http://1.verynx.cn/w.js) doesn't seem to work anymore.

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Mark Atkinson
We've been dealing with these too - to address Che's question they were crawling here for pages with query strings but not much else - as well as our implementing solutions offered here (much appreciation to all), our net. admin. simply shut down these attacks at the firewall - Sonicwall is

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Jerry Johnson
The attempts are based on a google search of .cfm files with parameters that can be exploited. (They have automated the page search, as well as the attack itself.) It is not a cf specific attack, but is also nailing php, asp, and .net sites. Here is a decent writeup of it all.

Mystery Character

2008-07-21 Thread Robert Harrison
Does anyone know the character code for this character: . My Mac users are uploading files with this character and it does not work in a URL string... I'd kill it but I don't know what character it is. Using . in a regex replace does not work. Robert B. Harrison Director of Interactive

RE: Mystery Character

2008-07-21 Thread Robert Harrison
NO. The character got converted to a period. It looks like a bullet. Robert B. Harrison Director of Interactive services Austin Williams 125 Kennedy Drive, Suite 100 Hauppauge NY 11788 T : 631.231.6600 Ext. 119 F : 631.434.7022 www.austin-williams.com Great advertising can't be either/or...

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Cameron Johnson
We got hit, and, according to the IIS logs, they hit non-standard templates in varied directories: /indexPrint.cfm /events/institute.cfm /search/TaxonomyResults.cfm /conferences/article.cfm /applications/statsmap/detail.cfm I don't see much of a pattern. Cameron For me, all attempts are

RE: Mystery Character

2008-07-21 Thread Experienced CF Developer
Robert, Can't see the character, but check out http://www.asciitable.com and see if you can find it there. Dave -Original Message- From: Robert Harrison [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 3:17 PM To: CF-Talk Subject: Mystery Character Does anyone know the character

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Kris Jones
I can confirm that many templates in our site are being hit. And they are not commonly named. -KJ For me, all attempts are focusing on rss.cfm. Another post said they saw sitemap.cfm being hit. Can anyone confirm any other templates that are being hit? Perhaps only 'commonly named' templates

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Dave Watts
Yeah, that sucks, I was going to dissect it. It appears that DNS is resolving it to 127.0.0.1. I didn't know you could do that. verynx.cn resolves to 121.12.169.186, but it returns a 404 when I submit a GET for w.js. Here's a sample, from another .js file used: window.status=;

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Dave Watts
Not from the same address though, because it is banned now. This appears to be a botnet-driven attack. Blocking addresses may be problematic in that case. And the purpose of my code is not to replace CFQUERYPARAM. That's fine. My concern isn't really with you, Claude, but with people who

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Dave Watts
What other ways are there? I know of two: EXEC and EXECUTE. Some people already mentioned sp_executesql, which is the preferred approach nowadays. But what about Unicode character conversion? What about from the shell using sp_cmdshell to fetch batch files remotely and execute them with

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Che Vilnonis
Here's another question. Are sites that rewrite URLs (i.e., no .cfm extension in the url) more or less NOT being hit by these malbots?

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Claude Schneegans
...and all hackers ALWAYS use the same IP...cause they'd never get caught that way...hehe yes...that was meant to be sarcastic It does not look sarcastic to me, just may be a little retarded ;-) I see where you're coming from Claude, I just think (as Dave appears to) that you're wasting

RE: Mystery Character

2008-07-21 Thread Robert Harrison
I don't see that character in the ASCII list, but it's a bullet character. Mac users can insert it into file names using option 8 on the Mac. When they upload a file with that character it converts to something else (also not in the ASCII list) that can't be found when used in a URL string.

Re: Mystery Character

2008-07-21 Thread morgan l
Try here: http://www.miniguidez.com/macosx/keystrokesguide/specialcharacters/specialcharacters.html It lists decimal and hex values for corresponding mac keystrokes. On Mon, Jul 21, 2008 at 3:43 PM, Robert Harrison [EMAIL PROTECTED] wrote: I don't see that character in the ASCII list, but it's

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Claude Schneegans
This appears to be a botnet-driven attack. Blocking addresses may be problematic in that case. Why do you all want to interpret this as a final solution? Blocking an IP will NOT block ANY attack, it will just stop the current attack from THIS address, period. But it is safer than letting the

RE: Mystery Character

2008-07-21 Thread Brad Wood
I've run into things like this before. Is there a CF function (or even a way in Java) to take a character and return the ASCII code for it? (Or whatever is appropriate, I don't know if ASCII is really the right term) ~Brad -Original Message- From: morgan l [mailto:[EMAIL PROTECTED]

RE: Mystery Character

2008-07-21 Thread Experienced CF Developer
Doesn't asc('x') do that? Or am I missing something? Dave -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 3:53 PM To: CF-Talk Subject: RE: Mystery Character I've run into things like this before. Is there a CF function (or even a way in Java)

RE: Mystery Character

2008-07-21 Thread Experienced CF Developer
Actually, I just looked it up: http://livedocs.adobe.com/coldfusion/6/CFML_Reference/functions-pt121.htm According to this page, starting in MX 6, asc() supports values up to 65536, so it should work for you. Output your character value to the screen with asc(sFunkyCharacter) and you'll find

RE: Mystery Character

2008-07-21 Thread Brad Wood
Well there you have it! That was pretty simple... Thanks Dave. -Original Message- From: Experienced CF Developer [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 4:00 PM To: CF-Talk Subject: RE: Mystery Character Actually, I just looked it up:

Re: Problems with switching from application.cfm to application.cfc

2008-07-21 Thread Richard Steele
I like your idea: <cffunction name="onRequest"> ... <cfargument name="targetPage"> <cfset xcachepath = "/cache"> ... <cfinclude template="#Arguments.targetPage#"> ... </cffunction> However I'm not sure how to implement this. What is the targetpage? Since this is the root

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Heikki Heikkinen
Mark, Thanks for the info. I tried this and it located the code. I removed the comment and Executed however, the code still remains. Any help you can offer would be great! Thanks! For those of you who have been hit by this attack and who need to try something short of restoring your DB,

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Matt Quackenbush
Did I really just read that? Please, someone, anyone, tell me that I didn't. Claude, you're certainly free to do what you wish to do in your own applications, so this comment is not directed to you at all. For those of you who are actually trying to learn and become better

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Dave Watts
Why do you all want to interpret this as a final solution? Blocking an IP will NOT block ANY attack, it will just stop the current attack from THIS address, period. But it is safer than letting the malbot try every page it can find,... until it does find one in which CFQUERYPARAM was

Page break/blank page in cfdocument

2008-07-21 Thread Tom McNeer
Hi, I am creating a PDF from a dynamically created HTML page. To attempt to minimize styling problems and other issues, I use cfhttp to call a page template which builds the HTML using query results. Then I simply output the page content within the cfdocument tags. I've done this before, without

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Experienced CF Developer
And for those of you who take this advice and DO use cfqueryparam ***always*** make sure you NEVER use SELECT * (which you shouldn't do anyway). I inherited an application that had a ton of SELECT * all over it and no cfqueryparam tags. Over the years I added cfqueryparam tags as I worked on the

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Heikki Heikkinen
Brad, This took care of part of the issue... but not all. I get this error: Msg 8152, Level 16, State 13, Line 1 String or binary data would be truncated. The statement has been terminated. Does anyone know what I need to do to get around the error above? thanks! Works great for me. You

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Bryan Stevenson
Ahhh...so there were other reasons for doing what you are doing...that makes much more sense. As Dave already said...I too was concerned about your solution being put forward in a security context...because it's not. It is of course a valid way to deal with server load issues you have

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Kris Jones
As a rule I use cfqueryparam. And generally try to stick to stored procedures, and use cfstoredproc/cfprocparam. However, I am now working with an app that uses cached queries regularly, and is still on CF7. You cannot use cfqueryparam with a cached query in CF7. What are the alternatives? -KJ

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
Hmm, I sure hope you replaced the exec with a print statement -Original Message- From: Heikki Heikkinen [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 4:48 PM To: CF-Talk Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head... Brad, This took care of part of the

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Brad Wood
Cache result sets manually. You can wrap that up nicely in a custom tag. ~Brad -Original Message- From: Kris Jones [mailto:[EMAIL PROTECTED] I am now working with an app that uses cached queries regularly, and is still on CF7. You cannot use cfqueryparam with a cached query in CF7.
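Brad's suggestion above, as an added example written in Python with sqlite3 rather than ColdFusion (this is not code from the thread or from any poster): the result set is cached under a key made of the SQL text plus the bound parameter values, so the SQL string never changes and user input is still passed through placeholders as data. `QueryCache`, `build_demo_db` and the sample `article` table are assumptions made for the demo; in CF7 the same shape would be a custom tag around cfquery with cfqueryparam, storing the query object in the application or server scope.

```python
"""Manual result-set cache that keeps the query parameterized.

Added example (Python/sqlite3), not ColdFusion code from the list. The
table and rows below are constructed for the demo.
"""
import sqlite3
import time


class QueryCache:
    """Cache rows per (sql, params); the SQL text itself never changes."""

    def __init__(self, conn, ttl_seconds=60.0, clock=time.monotonic):
        self.conn = conn
        self.ttl = ttl_seconds
        self.clock = clock          # injectable for testing expiry
        self._store = {}            # (sql, params) -> (expires_at, rows)
        self.misses = 0             # how often we actually hit the database

    def query(self, sql, params=()):
        # Parameter VALUES are part of the cache key, never part of the SQL.
        key = (sql, tuple(params))
        now = self.clock()
        hit = self._store.get(key)
        if hit is not None and hit[0] > now:
            return hit[1]
        self.misses += 1
        # Placeholders bind the values, so a string like "1 OR 1=1" is just
        # a value compared against the column, not SQL that gets executed.
        rows = self.conn.execute(sql, params).fetchall()
        self._store[key] = (now + self.ttl, rows)
        return rows

    def invalidate(self, sql=None):
        """Drop every cached row set, or only those for one SQL statement."""
        if sql is None:
            self._store.clear()
        else:
            for key in [k for k in self._store if k[0] == sql]:
                del self._store[key]


def build_demo_db():
    """Constructed in-memory table standing in for a real content table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO article VALUES (?, ?)",
                     [(1, "first"), (2, "second")])
    return conn


if __name__ == "__main__":
    cache = QueryCache(build_demo_db(), ttl_seconds=30)
    sql = "SELECT title FROM article WHERE id = ?"
    print(cache.query(sql, (1,)), cache.misses)   # hits the database
    print(cache.query(sql, (1,)), cache.misses)   # served from cache
    print(cache.query(sql, ("1 OR 1=1",)), cache.misses)  # harmless: []
```

The cache is keyed on the parameter tuple, so two requests with different ids get different cached rows, and the expiry is checked on read rather than with a background thread, which matches the "cachedwithin" behaviour most people expect.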

RE: Experiences with Railo

2008-07-21 Thread Rick Faircloth
Hey, as long as you're being honest and frank about the situation, I know I, for one, appreciate knowing not just that there are products out there, but how they work and are or are not supported. Your experience can save others of us tens of thousands of dollars, as well. Rick -Original

Seeing Socket Event Gateway break on line breaks with CF8?

2008-07-21 Thread Jeremy Bower
Having upgraded to CF8 with no code changes I am seeing a socket event gateway accept an xml message line by line and not the entire xml packet in one shot (each line is shown in the log separately). Passing a simple sentence with a return in it also becomes 2 events. This obviously causes

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Gerald Guido
I went to look at a site I do side work for and they got hit. No... not my stuff. :) We are going to be reading about this on all the tech rags like Info World and Zdnet tomorrow. ZDnet will prolly post it with a H1 tag with a blink tag for good measure. One of the things about SQL server I

RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Dave Watts
We are going to be reading about this on all the tech rags like Info World and Zdnet tomorrow. It was in those a week or two ago, already. This is not new. Originally, it primarily targeted classic ASP apps. HP released a free vulnerability scanner called Scrawlr in response. Dave Watts, CTO,

Re: Experiences with Railo

2008-07-21 Thread Gerald Guido
Yeah... what Rick said. Psoft put out a great product. H-Sphere is/was a great product. Sorry to hear about that... and your experiences. Your words were kind compared to what I had to say during the Rehat Debacle of 02. ;) ~G~ On Mon, Jul 21, 2008 at 6:29 PM, Rick Faircloth [EMAIL PROTECTED]

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-21 Thread Dan Vega
Firewall solution is another way, we block anything in the url with CAST( OR EXEC( Thank You Dan On Mon, Jul 21, 2008 at 8:08 PM, Dave Watts [EMAIL PROTECTED] wrote: We are going to be reading about this on all the tech rags like Info World and Zdnet tomorrow. It was in those a week or
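The URL in this thread's subject (`';DECLARE @S CHAR(4000);SET @S=CAST(0x... AS CHAR(4000));EXEC(@S)`) hides the real statement inside a hex literal, which is why it is hard to read at a glance and why a filter on the literal substrings `CAST(` or `EXEC(` can be stepped around with a space before the parenthesis or an extra layer of URL encoding. The following is an added example, not code from the thread or from any poster: it URL-decodes repeatedly, matches the keywords with optional whitespace before the parenthesis, and decodes the hex literal to show what would have run. The sample requests are constructed, and the hidden payload is a harmless `SELECT` chosen for the demo. As Dave says above, this is a triage and blocking aid, not a substitute for cfqueryparam.

```python
"""Flag and decode the hex-CAST/EXEC injection pattern from the thread's URL.

Added example; the sample requests below are constructed, not taken from
anyone's logs. The payload text is a harmless SELECT used only for the demo.
"""
import re
from urllib.parse import quote, unquote

# \s* between keyword and "(" catches "CAST (" as well as "CAST(", which a
# literal substring rule in a firewall would miss.
KEYWORD_RE = re.compile(r"\b(cast|exec|execute|declare)\s*\(", re.IGNORECASE)
HEX_RE = re.compile(r"0x([0-9a-f]+)", re.IGNORECASE)


def normalize(raw, rounds=3):
    """URL-decode until stable (defeats double encoding), collapse whitespace."""
    s = raw
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return re.sub(r"\s+", " ", s)


def decode_hex_payloads(query):
    """Return the text hidden in each 0x... literal of an already normalized query.

    The bot casts a hex string to CHAR so the statement it executes never
    appears in the URL in clear text; decoding it answers "what are they
    trying to do".
    """
    out = []
    for m in HEX_RE.finditer(query):
        h = m.group(1)
        if len(h) % 2:          # odd length cannot be a byte string
            continue
        out.append(bytes.fromhex(h).decode("latin-1"))
    return out


def inspect_request(url):
    """Normalize one request line and report keyword hits plus decoded literals."""
    q = normalize(url)
    return {"suspicious": bool(KEYWORD_RE.search(q)),
            "decoded": decode_hex_payloads(q)}


# --- constructed samples (assumptions, not real traffic) --------------------
PAYLOAD_TEXT = "SELECT 1 -- constructed harmless sample"
SAMPLE_URL = ("/rss.cfm?id=1';DECLARE @S CHAR(4000);SET @S=CAST(0x"
              + PAYLOAD_TEXT.encode().hex()
              + " AS CHAR(4000));EXEC(@S);--")
# Same request with a space before the parenthesis and double URL encoding,
# the two cheap tricks that defeat a plain "CAST(" substring rule.
ENCODED_URL = quote(quote(SAMPLE_URL.replace("CAST(", "CAST ("), safe=""), safe="")
BENIGN_URLS = ["/rss.cfm?id=42&cast=broadcast", "/rss.cfm?q=Executive%20summary"]

if __name__ == "__main__":
    for u in [SAMPLE_URL, ENCODED_URL] + BENIGN_URLS:
        r = inspect_request(u)
        print(r["suspicious"], r["decoded"], u[:60])
```

Run it over the query-string column of the web server log; a hit with a decoded literal tells you which statement the bot tried to execute, and the benign samples show that a word like "broadcast" or "Executive" does not trip the rule.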
