This is a popular and very malicious SQL injection attack that is making the
rounds:
http://www.coldfusionmuse.com/index.cfm/2008/7/18/Injection-Using-CAST-And-A
SCII
-Mark
Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com
-Original
Just was looking at a 'user monitor' page on one of my sites and I saw the
url string below being called. I've seen several sql injection urls before,
but what the heck are they trying to accomplish here? Eeverything is
cfqueryparam'ed. Thanks, Che
/rss.cfm?';DECLARE @S CHAR(4000);SET
@S=CAST(0x44
> I changed it to the dot notation but still got the same error. We have
> a map to the root and the xyz/lts directory is directly below the root.
I had a problem like this a long time ago. Deleting and re-creating the
mapping solved it.
I changed it to the dot notation but still got the same error. We have a map
to the root and the xyz/lts directory is directly below the root.
Please note my new email address.
David Phelan
Senior CF Developer
LifePoint Informatics (Formerly Labtest.com)
(201) 447-9991 Ext. 318
[EMAIL PROTECTED
> In our application we have a cfc that we instantiate to a
> variable in certain instances. This has always worked
> without issue until we got our new server. On the new
> server, when I call the CreateObject method, it produces the error:
> The filename, directory name, or volume label synt
In our application we have a cfc that we instantiate to a variable in certain
instances. This has always worked without issue until we got our new server.
On the new server, when I call the CreateObject method, it produces the error:
The filename, directory name, or volume label syntax is incor
Hi all,
we would like to invite you all to attend one of our presentations at
one of the CFUG's we are visiting. If you like, you can check our
website or blog for details:
http://www.railo-technologies.com/en/index.cfm?treeID=364
http://www.railo.ch/blog/index.cfm/2008/7/21/US-Tour-is-next
If
101 - 107 of 107 matches
Mail list logo
