So you know that it *always* prevents SQL injection in a standard
query (select, update or delete). That's a good enough reason to
always use it for me.
On Thu, Jul 24, 2008 at 10:58 PM, Claude Schneegans
[EMAIL PROTECTED] wrote:
Do you fully understand what cfqueryparam does when binding text
This is not the only case. If you use pooled statements on the
datasource (which is a default for CF) you can demonstrate another
case:
Create a table.
Select * from it in a CF template.
Add a column to the table in the DB.
Run the same template again.
See the problem.
On Thu, Jul 24, 2008 at
So you know that it *always* prevents SQL injection in a standard
query (select, update or delete).
Really? Can you give an example of injection that will be prevented?
--
___
REUSE CODE! Use custom tags;
See
I'll say it again.
ANY string passed into cfqueryparam cannot be executed as SQL:

select somecolumn
from sometable
where someothercolumn = <cfqueryparam cfsqltype="varchar" value="URL.TryToHackThis">
It is irrelevant what gets passed in the URL.TryToHackThis; it cannot
be executed as a SQL statement.
Obviously cfsqltype="varchar" should be cfsqltype="cf_sql_varchar" (my typo).
On Thu, Jul 24, 2008 at 11:55 PM, James Holmes [EMAIL PROTECTED] wrote:
Jeez, and value="URL.TryToHackThis" should be value="#URL.TryToHackThis#"
That's what I get for answering at midnight.
On Thu, Jul 24, 2008 at 11:57 PM, James Holmes [EMAIL PROTECTED] wrote:
Obviously cfsqltype="varchar" should be cfsqltype="cf_sql_varchar" (my typo).
On Thu, Jul 24, 2008 at 11:55
ANY string passed into cfqueryparam cannot be executed as SQL:
Is it really possible to get an SQL statement executed from a string for
a text field
without closing the string first with an apostrophe?
Jeez, and value="URL.TryToHackThis" should be value="#URL.TryToHackThis#"
so you see that CFQP is not that easy to use ;-))
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this
: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
ANY string passed into cfqueryparam cannot be executed as SQL:
Is it really possible to get an SQL statement executed from a string for
a text field
without closing the string first with an apostrophe
Closing the apostrophe is exactly how SQL injection occurs with text
field
Ok, you got it!
BUT CFQUERY will escape that apostrophe anyway, so that the SQL injection
will
just be part of the string stored in the field, whether you use CFQP or not.
-talk@houseoffusion.com
Sent: Thursday, July 24, 2008 11:32 AM
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
Closing the apostrophe is exactly how SQL injection occurs with text
field
Ok, you got it!
BUT CFQUERY will escape that apostrophe anyway, so that the SQL injection
Not if you use MySQL. That DBMS allows for an alternative way to escape
those with a backslash.
Ok, then let's say that CFQP should always be used with MySQL...
.. and you haven't turned off MySQL's default ways of escaping those
ticks
... IF you have not turn off MySQL's default ways of
:
<!--- check the URL scope --->
<cfif isDefined('url')>
  <cfloop collection="#url#" item="uItem">
    <cfif isSQLInject(url[uItem])>
      <cfabort>
      <!--- ... or whatever action you want --->
    </cfif>
  </cfloop>
</cfif>
<!--- check the FORM scope --->
<cfif isDefined('form')>
  <cfloop collection="#form#" item="fItem">
    <cfif isSQLInject(form[fItem])>
      <cfabort>
    </cfif>
  </cfloop>
</cfif>
: Radek Valachovic [EMAIL PROTECTED]
To: CF-Talk cf-talk@houseoffusion.com
Sent: Thursday, July 24, 2008 12:12 PM
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
Do you think when I am using cfqueryparams for example with numbers like
this is secured
Using CFQUERYPARAM will secure your DB calls. That doesn't mean you don't
have other problems. But it does mean that executing arbitrary code against
the DB using user inputs (form, url, cookie) is no longer possible. When the
system sees something like cfqueryparam type=CF_SQL_CHAR value=blah
That's fair enough from a security standpoint, but I still use cfqueryparam
with MS SQL for performance reasons.
When your database executes a SQL statement, it generates an execution plan
that best fits that statement and it caches that plan in memory for later
use (so it doesn't have to be
When your database executes a SQL statement, it generates an
execution plan
that best fits that statement and it caches that plan in memory for later
use.
Ok, this is another example where CFQP is useful, as the doc says.
But if the query is not likely to be executed often, which is
the case with small sites, generating the execution plan
might represent an overhead on the contrary.
(just assuming, I have not run tests, and I don't really
On Thu, Jul 24, 2008 at 10:48 AM, Radek Valachovic [EMAIL PROTECTED]
wrote:
Yeah I was reading in the forum this one, that using SELECT * is not good,
can u explain why on short example? What is Pro and Cons what other type of
security it gonna give me? Thanks
Not using SELECT * is more of a
A very particular situation though. It will not prevent me
from using SELECT * when I need all fields. This is more
efficient than list all of them.
It may be more efficient for you as you type them out, but it will be less
efficient for your database, which has to figure out what *
If you don't really care
I don't really care about measuring the difference it makes, because it must
certainly be marginal,
and it is not because I don't care about the difference it can make that I cannot
make a comment about it.
It may be a silly question, but why will a SELECT * break
because an unused column was dropped?
For the same reason that SELECT * will break if you use it in a view, run
the view, then change the underlying schema. The * gets dereferenced to
actual columns in the execution plan, which gets
it's safe to say that avoiding * is a good idea,
Now that's the kind of statement I prefer: a good idea,
better than *always* or *never* :-)
Fine, it's always a good idea to never use *
;-)
--- Ben
-Original Message-
From: Claude Schneegans [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2008 2:13 PM
To: CF-Talk
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
it's safe to say that avoiding
On Thu, Jul 24, 2008 at 11:20 AM, Claude Schneegans
[EMAIL PROTECTED] wrote:
A very particular situation though.
Perhaps, but the following demonstrates how this kind of issue can be even
more problematic when the table is changed in such a way that no error is
thrown by the view...
CREATE
What would you suggest for this kind of thing:
Select USERID
from users
where email = '#trim(arguments.email)#' and password = '#trim(arguments.password)#'
Something like this?
Select USERID
from users
where email = <cfqueryparam value="#trim(arguments.email)#"
cfsqltype="CF_SQL_VARCHAR"
This is starting to sound like a bad multiple choice question from a college
final... :)
~Brad
- Original Message -
From: Ben Forta [EMAIL PROTECTED]
To: CF-Talk cf-talk@houseoffusion.com
Sent: Thursday, July 24, 2008 1:15 PM
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My
Whatever the length of the column in your DB.
Adrian
-Original Message-
From: Radek Valachovic [mailto:[EMAIL PROTECTED]
Sent: 24 July 2008 19:19
To: CF-Talk
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
What would you suggest for this kind of thing:
Select
MAXLENGTH would typically be the maximum the underlying table allows or the
maximum you want to accept. And MAXLENGTH is optional.
--- Ben
-Original Message-
From: Radek Valachovic [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2008 2:19 PM
To: CF-Talk
Subject: Re: (ot) URL Hack
Charlie Griefer wrote:
Not using SELECT * is more of a best practices kind of thing.
When you use it, you're potentially pulling more information than you need,
which is inefficient.
It can also lead to very hard to debug errors. When * is used, the
list of columns can become cached. If
So if I won't use maxlength, is it still gonna be secured?
Yes.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or
(Brad) This is starting to sound like a bad multiple choice question from
a college
final... :)
Especially our college, Brad. ;-)
(Claude) It may be a silly question, but why will a SELECT * break
because an unused column was dropped?
To clarify, it is a SELECT * query with a CFQUERYPARAM
If you don't really care
I don't really care measuring the difference it makes,
because it must certainly be marginal, and it is not because
I don't care the difference it can made that I cannot make a
comment about it.
If you want to be a contrarian for the sake of being a contrarian,
PROTECTED]
To: CF-Talk cf-talk@houseoffusion.com
Sent: Thursday, July 24, 2008 12:59 PM
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
On Thu, Jul 24, 2008 at 10:48 AM, Radek Valachovic [EMAIL PROTECTED]
wrote:
Yeah I was reading in the forum this one, that using SELECT
= #url.user_id#
URL gonna look like this example:
http://mydomain.com/index.cfm?user_id=125456
Now imagine the Hacker Code (Declare etc etc) will add to the end:
http://mydomain.com/index.cfm?user_id=125456;DECLARE
How can it be processed when USER_ID in database is specified for LENGTH 15
Dave Phillips wrote:
(Claude) It may be a silly question, but why will a SELECT * break
because an unused column was dropped?
To clarify, it is a SELECT * query with a CFQUERYPARAM in it. Because the
first time the query is executed, an execution plan is built and cached.
That execution
has in DB maxlength
15 and it is numeric.
Integer is -2,147,483,648 and 2,147,483,647 = 10; the point is 10 or 15
doesn't matter.
I will specify for ITEMOID in DB maxl = 15
Example QUERY is
SELECT location FROM item WHERE url.user_id = #url.user_id#
URL gonna look like this example:
http
How can it be processed when USER_ID in database is
specified for LENGTH 15 and USER_ID with Hacker code has
length like 100?
For the purpose of preventing SQL injection, the length of the field in your
prepared statement doesn't matter. It is enough for it to be a prepared
statement, which
I was just looking into that myself.
http://qpscanner.riaforge.org/
I plan on running this against the code of my sites just to be sure.
If I do find any vunerabilities, is there something I can run against the
database to see if it has been infected?
Thanks.
Great, yes understand, basically it runs another script against database so
it assumes that it is not part of the user_id. good thanks.
On Thu, Jul 24, 2008 at 3:05 PM, Dave Watts [EMAIL PROTECTED] wrote:
How can it be processed when USER_ID in database is
specified for LENGTH 15 and
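The exchange above (Claude asking whether SQL can run from a text field without an apostrophe, Radek's `user_id=125456;DECLARE ...` URL, and Dave Watts's answer that the parameter length is irrelevant because being a prepared statement is what matters) can be reproduced without ColdFusion. What follows is an added example written for this page, not code from any poster, using Python's built-in sqlite3 module and constructed sample rows. The `_unsafe` functions build the statement by substitution exactly like `'#arguments.email#'` and `#url.user_id#`; the `_safe` versions bind the value as a parameter, which is the job `<cfqueryparam cfsqltype="cf_sql_varchar">` and `cf_sql_integer` do. sqlite3's execute() refuses stacked statements, so the numeric payload used is `125456 OR 1=1`, which needs no quote at all.

```python
import sqlite3

# Constructed sample rows standing in for the "users" and "item" tables named
# in the thread. They are not real data.
USERS = [(1, "alice@example.com", "s3cret"), (2, "bob@example.com", "hunter2")]
ITEMS = [(125456, "/files/a"), (125457, "/files/b"), (999, "/admin/private")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid INTEGER, email TEXT, password TEXT)")
    conn.execute("CREATE TABLE item (user_id INTEGER, location TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.executemany("INSERT INTO item VALUES (?, ?)", ITEMS)
    return conn


# Text context: where email = '#arguments.email#'

def login_unsafe(conn, email, password):
    """Statement built by substitution. An apostrophe in the input closes the
    literal and whatever follows is parsed as SQL. Returns matching userids."""
    sql = (f"SELECT userid FROM users WHERE email = '{email}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, email, password):
    """Bound parameters, the job <cfqueryparam cfsqltype="cf_sql_varchar"> does:
    the values travel separately from the statement text, so an apostrophe is
    just one more character to compare against the column."""
    sql = "SELECT userid FROM users WHERE email = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (email, password))]


# Numeric context: where user_id = #url.user_id# (no quotes around the value)

def locations_unsafe(conn, user_id):
    """No apostrophe is needed here: the URL value is already outside quotes,
    so 'OR 1=1' or ';DECLARE ...' appended to it is parsed as SQL directly."""
    sql = f"SELECT location FROM item WHERE user_id = {user_id}"
    return [row[0] for row in conn.execute(sql)]


def locations_safe(conn, user_id):
    """<cfqueryparam cfsqltype="cf_sql_integer"> equivalent: the value must be
    an integer (ValueError otherwise) and is then bound, never parsed."""
    value = int(user_id)
    sql = "SELECT location FROM item WHERE user_id = ?"
    return [row[0] for row in conn.execute(sql, (value,))]


if __name__ == "__main__":
    db = make_db()
    tick = "x' OR '1'='1"
    print(login_unsafe(db, tick, tick))            # every userid: [1, 2]
    print(login_safe(db, tick, tick))              # []
    print(locations_unsafe(db, "125456 OR 1=1"))   # every location
    try:
        locations_safe(db, "125456;DECLARE @S CHAR(4000)")
    except ValueError as err:
        print("rejected:", err)
```

The numeric case is the one the thread keeps circling back to: no escaping of quotes helps when the value never sat inside quotes, which is why MAXLENGTH is beside the point and the type-checked bind is the whole defence.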
I noticed since I started securing the site also with the cfif EXEC, I have
lower hits with the code, 3 days ago and more I got hit like an every hour,
these past 2 days I got 2 hits a day to the exact same page with exact same
variables in url
On Thu, Jul 24, 2008 at 3:05 PM, Radek
Al Musella, DPM wrote:
I can't believe this isn't a big news story.. it has been the focus
of my life for the last 48 hours:)
To be a big news story, it would have to be big and new. It is neither.
The impact it has had on the net is negligible. Who can mention 3 sites
that have been hit
If I do find any vunerabilities, is there something I can run
against the database to see if it has been infected?
Well, for the current attack, you would look at your
varchar/nvarchar/text/ntext columns to see if anything's been appended to
them. This should be fairly easy to identify.
Dave
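Dave's advice above (look at the varchar/nvarchar/text/ntext columns for anything appended to them) is easy to automate. The following is an added example for this page, not code from the thread or from any poster. It is Python against an in-memory sqlite3 database with constructed rows: the `<script src=...>` tail and its URL are invented, and the catalog walk over sqlite_master and PRAGMA table_info stands in for INFORMATION_SCHEMA.COLUMNS on SQL Server, which the affected sites were running.

```python
import sqlite3

# Constructed sample schema and rows, not real data. Two values carry the kind
# of tail the thread describes; the script URL is invented for the example.
APPENDED = '<script src="http://attacker.example/x.js"></script>'
SAMPLE = {
    "products": (
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name VARCHAR(100), "
        "description NVARCHAR(2000), price REAL)",
        [(1, "Trowel", "Hand trowel, steel blade" + APPENDED, 9.5),
         (2, "Rake", "Leaf rake", 14.0)],
    ),
    "news": (
        "CREATE TABLE news (id INTEGER PRIMARY KEY, title VARCHAR(200), "
        "body TEXT, views INTEGER)",
        [(1, "Opening hours", "We open at 9." + APPENDED, 120),
         (2, "Closed Monday", "Back Tuesday.", 40)],
    ),
}
TEXT_TYPES = ("CHAR", "TEXT", "CLOB")   # covers VARCHAR, NVARCHAR, NCHAR, TEXT


def make_sample_db():
    conn = sqlite3.connect(":memory:")
    for table, (ddl, rows) in SAMPLE.items():
        conn.execute(ddl)
        marks = ", ".join("?" * len(rows[0]))
        conn.executemany(f'INSERT INTO "{table}" VALUES ({marks})', rows)
    conn.commit()
    return conn


def text_columns(conn):
    """Walk the catalog and return (table, column) for every character column,
    the way you would walk INFORMATION_SCHEMA.COLUMNS on SQL Server."""
    found = []
    tables = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'").fetchall()
    for (table,) in tables:
        info = conn.execute(f'PRAGMA table_info("{table}")').fetchall()
        for _cid, name, ctype, _notnull, _default, _pk in info:
            if any(t in ctype.upper() for t in TEXT_TYPES):
                found.append((table, name))
    return found


def find_appended(conn, marker="<script"):
    """Return (table, column, rowid, tail) for every value containing marker,
    where tail is the text from the marker to the end of the value."""
    key = marker.lower()
    hits = []
    for table, col in text_columns(conn):
        sql = f'SELECT rowid, "{col}" FROM "{table}" WHERE instr(lower("{col}"), ?) > 0'
        for rowid, value in conn.execute(sql, (key,)).fetchall():
            hits.append((table, col, rowid, value[value.lower().index(key):]))
    return hits


def strip_appended(conn, marker="<script"):
    """Cut every affected value back to the text before the marker and return
    the number of rows changed. Destructive: back the database up first and
    read a few tails from find_appended() before running it."""
    key = marker.lower()
    changed = 0
    for table, col in text_columns(conn):
        sql = (f'UPDATE "{table}" SET "{col}" = substr("{col}", 1, instr(lower("{col}"), ?) - 1) '
               f'WHERE instr(lower("{col}"), ?) > 0')
        changed += conn.execute(sql, (key, key)).rowcount
    conn.commit()
    return changed


if __name__ == "__main__":
    db = make_sample_db()
    for hit in find_appended(db):
        print(hit)
    print("rows cleaned:", strip_appended(db))   # 2
    print("left over:", find_appended(db))       # []
```

Finding the rows is the easy half; the clean-up only removes the appended tail, so keep the list of hits, since the same rows will be hit again if a vulnerable query is still live.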
Yes Exactly, Run the current attack, I am doing it to see how am I securing
the site and it works!
Happy Attacking :)
On Thu, Jul 24, 2008 at 3:39 PM, Dave Watts [EMAIL PROTECTED] wrote:
If I do find any vunerabilities, is there something I can run
against the database to see if it has been
Not dissing anyone. Just curious. With all the ORM's and code generators out
there, why are you not using cfqueryparam?
One reason I can think of is that until recently you could not use it with
cached queries. For those of us that have to support older versions of
ColdFusion, it's definitely a
Hi Dave,
I have an older cf auction application that is being hit with this attack. I'm
running URLScan on my win2k server running CF5 server w/ sql2k. What is the max
length of URL you would recommend? Any deny verbs, headers, etc you would
recommend so I can compare to my urlscan.ini. I
One of my websites got hit.. I always use
cfqueryparam - at least for the last few years,
but some old code (this website started with
version 1 of CF) was still hanging around that
was unprotected. I used that scanning tool and it
found about 20 unprotected queries out of about 20,000...
however, one of the owners got banned when
he included the word Declare in a product description:)
Wow-- that sucks. This is a classic reason why that sort of blocking method
is in my opinion only useful for a temporary stop gap. It treats the symptom
more than the problem and is prone to
On 7/23/2008 at about 1:30 I had a second sql injection attack. On 7/21/2008 I
had fixed the database for this site from the first attack and I had fixed all
the cfqueries with the proper cfqueryparam tags and included <cfif
cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains "EXEC(" OR
If you are still being affected by the attack, then you still have one or
more vulnerable queries somewhere with access to that database.
Did you use a code scanner like QueryParam Scanner from RiaForge to search
the ENTIRE code base for missing cfqueryparams?
Also, find out the user your
What about if I put:
<cfif cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains "EXEC(" OR
cgi.QUERY_STRING contains "EXEC("><cfabort></cfif>
in my all cf files on my web site and if hacker gonna try to run any of this
files for example:
index.cfm?+code, mail.cfm?+code etc basically it attacks all on
separate from the header.
If you are looking for a stop gap try the isSQLInject function on cflib.org
(and make sure you add declare, cast and exec to the list). I posted a
snippet on my blog that uses this UDF like so:
<!--- check the URL scope --->
<cfif isDefined('url')>
  <cfloop collection="#url#" item="uItem">
That may help with this particular attack, but I already have seen 2
versions of it today.. Both happened to have the EXEC(
but there are variations that use other key words.
The correct way (which unfortunately I found out through failure:) is:
1. Run a scanner like:
will be moving target.
-Mark
-Original Message-
From: Al Musella, DPM [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2008 8:49 PM
To: CF-Talk
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
That may help with this particular attack, but I already have seen 2
versions
With this latest spate of SQL attacks it has at least alerted CF (and non CF
coders hopefully) to the importance of sql injection and input sanitisation.
However I am noticing that almost all of the drop-in 'patches', almost all
of them seem to be straight list/array searches and there is almost
, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com
-Original Message-
From: Gabriel [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2008 9:49 PM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...
With this latest spate
My thinking is:
The way it appears, a zombie will hit about 2 -12 pages on my web
server - over the course of a few seconds - then leave me alone..
On the first page they hit, if I ban them, then the next 1 to 11
tries will not succeed even if they happen to find a vulnerable file
Mark,
The comment block obfuscation technique has been posted on blog articles
that I have read through the years, however
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ seems to be the
only one that I can pull up after a 30 second search. Needless to say I am
almost certain that I have
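Three posts in this thread describe the same weakness from different angles: the owner who got banned for putting "Declare" in a product description, the `<cfif cgi.QUERY_STRING contains "EXEC(">` check, and Gabriel's point that the drop-in patches are straight list searches that a comment-block spelling of the keyword walks past. The following is an added example for this page, not the isSQLInject UDF from cflib.org nor any poster's code, written in Python so it runs stand-alone: a keyword filter in the shape of those patches, the same filter after stripping `/* */` comments, and the raw-query-string check, run over constructed requests (the hex literal in them is a single byte, not the real payload).

```python
import re
from urllib.parse import unquote_plus

# Keyword list in the spirit of the isSQLInject UDF the thread recommends,
# extended with declare, cast and exec as suggested there. The list is
# constructed for this example; it is not the cflib.org UDF's own list.
KEYWORDS = ["declare", "cast", "exec", "select", "insert", "update",
            "delete", "drop", "union", "xp_"]


def query_values(query_string):
    """Decode a raw query string into its parameter values (what the CF
    url scope holds): '&' separates pairs, '+' and %xx are decoded."""
    values = []
    for pair in query_string.split("&"):
        if not pair:
            continue
        _name, _sep, value = pair.partition("=")
        values.append(unquote_plus(value))
    return values


def naive_filter(value):
    """Plain substring search over one decoded value: the shape of most
    drop-in patches and of the isSQLInject loop quoted in the thread."""
    lowered = value.lower()
    return any(word in lowered for word in KEYWORDS)


def normalized_filter(value):
    """Same list, but strip /* */ comment blocks and collapse whitespace
    first, so a comment-split spelling is seen as the keyword again."""
    stripped = re.sub(r"/\*.*?\*/", "", value, flags=re.S)
    collapsed = re.sub(r"\s+", " ", stripped).lower()
    return any(word in collapsed for word in KEYWORDS)


def raw_query_string_check(query_string):
    """The <cfif cgi.QUERY_STRING contains "EXEC("> test from the thread,
    applied to the undecoded query string exactly as it arrives."""
    return "exec(" in query_string.lower()


# Constructed requests, not real log entries.
REQUESTS = {
    "attack":     "id=1;DECLARE @S CHAR(4000);SET @S=CAST(0x41 AS CHAR(4000));EXEC(@S);--",
    "obfuscated": "id=1;DE/**/CLARE @S CHAR(4000);SET @S=CA/**/ST(0x41 AS CHAR(4000));EX/**/EC(@S);--",
    "encoded":    "id=1;EXEC%28%40S%29;--",
    "product":    "desc=Declare+your+garden+weed-free+with+this+trowel",
    "ordinary":   "user_id=125456",
}


def blocked_by(filter_fn):
    """Return the set of request names the given per-value filter would abort."""
    return {name for name, qs in REQUESTS.items()
            if any(filter_fn(v) for v in query_values(qs))}


if __name__ == "__main__":
    print("naive:     ", sorted(blocked_by(naive_filter)))
    print("normalized:", sorted(blocked_by(normalized_filter)))
    for name, qs in REQUESTS.items():
        print(f"raw EXEC( check on {name}: {raw_query_string_check(qs)}")
```

The naive filter misses the comment-split payload and still blocks the gardening product; the normalized one catches the split spelling and still blocks the product; the raw string check never sees `EXEC%28`. Each refinement closes one gap and leaves the false positive in place, which is the sense in which this is a stop gap and cfqueryparam is the fix.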
Just was looking at a 'user monitor' page on one of my sites and I saw the
url string below being called. I've seen several sql injection urls before,
but what the heck are they trying to accomplish here? Everything is
cfqueryparam'ed. Thanks, Che
/rss.cfm?';DECLARE @S CHAR(4000);SET
@S=CAST
This attack has nothing to do with elevation of privilege. It simply
tacks on a SQL procedure to a query existing on the page already. This
procedure then runs through the tables/columns in the database
appending text the end of content in varchar fields. The text appended
varies, but what I've
The purpose of the hack is to change your website, so that each visitor is
hit with a series of browser exploit attempts while reading your website.
Some of the exploits attempted are handled by the MS patch. Some are not.
(Examples of the exploits: Ms06-014, flash, SP2, Realplayer11, Norton,
No, because those sites are still using the URL variables, just not visibly.
andy
-Original Message-
From: Che Vilnonis [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2008 3:39 PM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...
Here's another question
I saw this on the Riaforge update today. Looks like a SQL Jimmy wrapper for
your site.
http://portcullis.riaforge.org/
--
Portcullis is a CFC based url,form,cookie filter to help protect against SQL
Injection and XSS (Cross Site Scripting) atacks. This CFC can help filter
clients' sites, but they've always been caught by cfqueryparam
and haven't caused any problems.
Rick
-Original Message-
From: Gerald Guido [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2008 9:23 AM
To: CF-Talk
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
I saw
Okay, stupidly, I clicked on rent.com (? Used to avoid perpetuation) to
see what Brian was talking about and now I see the reference to a .js file
on one of the pages. I didn't just infect my pc with something, did I?
I surely hope that we are not perpetuating some virus with these e-mails.
I went to your site Coldfusionmuse ...
Please send vulnerability discoveries to the appropriate individuals, not to
mailing lists.
www.necfug.com
-Original Message-
From: Brian Yager [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2008 10:22 AM
To: CF-Talk
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head... For Mark
Kruger
Mark,
I went to your site Coldfusionmuse to read about that attack. I
It's ok dave... I put myself out there after all
-mark
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2008 2:09 PM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... For Ma
rk Kruger
I went to your site
you are correct Dave..
Mark..I apologize for my post. I thought it was interesting following the
links from the original thread to see a site with that exact attack.
Brian
I went to your site Coldfusionmuse ...
Please send vulnerability discoveries to the appropriate individuals, not to
Mark,
I apologize for posting it the way I did. I did find it interesting finding
the exact attack on a site that was being discussed in the thread. Please
forgive me.
Brian
Brian and all,
I apologize for that. The issue here is not negligence on the part of our
excellent team. The problem
Brian,
No worries. You just cost me an hour of my life approving changes to our
portfolio section (ha).
-mark
-Original Message-
From: Brian Yager [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2008 3:52 PM
To: CF-Talk
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My
Doooh!
I just got through cleaning the results of this attack out of a clients
database! They have a very old CF application that was poorly written and has
no cfqueryparams!
I must have cleaned 10 tables so far... Funny part is, I warned my client
several months ago after seeing
Read this:
http://www.coldfusionmuse.com/index.cfm/2008/7/18/Injection-Using-CAST-A
nd-ASCII
~Brad
Why bother looking around the internet? Use your SQL server to decode
it!
Simply change the exec to a print statement. Very important! :)
~Brad
-Original Message-
From: Gerald Guido [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2008 9:59 AM
To: CF-Talk
Subject: Re: (ot) URL Hack
11:12 AM
To: CF-Talk
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
Why bother looking around the internet? Use your SQL server to decode it!
Huh... Learn sumptin new every day. That is why I keep coming back here. ;)
Thanx Brad.
~G
Can we please stop distributing this script ;)
-Original Message-
From: Che Vilnonis [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2008 11:32 AM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...
Tried printing the code in SQL Analyzer and got nothing
Good point. My bad...
Tried printing the code in SQL Analyzer and got nothing. Can anyone
translate it to text? Not sure what I am missing.
/rss.cfm?';DECLARE @S CHAR(4000);SET
@S=CAST
. Brace yourself for another wave of
attacks... :)
~Brad
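Brad's suggestion (swap the EXEC for a PRINT and let the SQL server show you the text) and Che's question about translating the URL to text can both be handled offline, without pasting anything into Query Analyzer. The following is an added example, not code from the thread: a small Python decoder that pulls the hex literal out of the CAST(...) expression and decodes it (UTF-16LE for NCHAR/NVARCHAR, one byte per character otherwise), plus the EXEC-to-PRINT rewrite. The thread's copy of the URL is cut off after `SET @S=CAST`, so the `CAST(0x... AS CHAR(4000))` form is an assumption; the sample payloads are constructed by `build_sample` and decode to harmless PRINT/SELECT statements, not to the real one.

```python
import re

# CAST(0x<hex> AS CHAR(n)) / VARCHAR / NCHAR / NVARCHAR, case-insensitive.
CAST_RE = re.compile(
    r"CAST\s*\(\s*0x([0-9A-Fa-f]+)\s+AS\s+(N?(?:VAR)?CHAR)\s*\(\s*\d+\s*\)\s*\)",
    re.IGNORECASE)


def decode_cast_payload(sql_fragment):
    """Return the decoded text of every CAST(0x... AS [N][VAR]CHAR(n)) literal
    in the fragment. NCHAR/NVARCHAR hex is UTF-16LE; CHAR/VARCHAR is one byte
    per character. Nothing is executed."""
    decoded = []
    for hexdigits, sqltype in CAST_RE.findall(sql_fragment):
        raw = bytes.fromhex(hexdigits)
        encoding = "utf-16-le" if sqltype.upper().startswith("N") else "latin-1"
        decoded.append(raw.decode(encoding, errors="replace"))
    return decoded


def neutralize(sql_fragment):
    """Brad's trick in code: turn EXEC(@var) into PRINT @var so pasting the
    statement into Query Analyzer shows the text instead of running it."""
    return re.sub(r"\bEXEC\s*\(\s*(@\w+)\s*\)", r"PRINT \1",
                  sql_fragment, flags=re.IGNORECASE)


def build_sample(statement, wide=False):
    """Construct a harmless payload in the shape the thread quotes
    (';DECLARE @S ...;SET @S=CAST(0x... AS ...);EXEC(@S);--). The hex form of
    the CAST argument is assumed; the thread's own copy is cut off before it."""
    sqltype = "NVARCHAR" if wide else "CHAR"
    encoding = "utf-16-le" if wide else "latin-1"
    hexdigits = statement.encode(encoding).hex().upper()
    return (f"';DECLARE @S {sqltype}(4000);SET @S=CAST(0x{hexdigits} AS {sqltype}(4000));"
            f"EXEC(@S);--")


if __name__ == "__main__":
    sample = build_sample("PRINT 'constructed sample, nothing was touched'")
    print(sample)
    print(decode_cast_payload(sample))
    print(neutralize(sample))
    print(decode_cast_payload(build_sample("SELECT 1", wide=True)))
```

Decoding the hex tells you what the statement would have done (which tables it walks, what it appends), which is the information needed to check the database; running it, even with PRINT in place of EXEC, still hands the server the attacker's DECLARE and SET.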
Yep, read the post. Must have been the line breaks that messed things up.
-Original Message-
From: Brad Wood [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2008 11:42 AM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...
Works great for me. You have
Drop database foo
Crap, I just let another one slip. Brace yourself for another wave of
attacks... :)
Lets not forget what a mess Little Bobby Tables made.
http://xkcd.com/327/
--
If everything seems under control, you're not going fast enough
-- Mario Andretti
Mutha!!!
Our company JUST had this happen. We're working through it right now.
Thanks for the confirmation guys. Appreciated.
-Original Message-
From: Brad Wood [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2008 10:42 AM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me
We're getting hit hard today with this. They're failing, because we
use cfqueryparam and cfprocparam. But it is quite annoying.
-KJ
We're getting hit hard today with this.
/rss.cfm?
Is it just rss.cfm? I haven't looked at our logs yet. Where did you see
this. The server log files?
~~G~~
On Mon, Jul 21, 2008 at 12:53 PM, Kris Jones [EMAIL PROTECTED]
wrote:
We're getting hit hard today with this. They're failing, because
in the CF community.
~Brad
-Original Message-
From: Kris Jones [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2008 11:53 AM
To: CF-Talk
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
We're getting hit hard today with this. They're failing, because we
use cfqueryparam