Re: Recent SQL Injection attacks

2010-01-19 Thread Mary Jo Sminkey
I do declare that keyword matching alone has issues :-) Yeah, that can really bite you in the butt! We've been having pretty good results with the tool that is posted over at my site. It does a fairly decent job of catching most injection and XSS attacks and with some recent updates that I

Re: Recent SQL Injection attacks

2010-01-18 Thread Tom Chiverton
On Friday 15 Jan 2010, Chung Chow wrote: if ( isdefined(cgi.query_string) and ( findnocase(DECLARE,cgi.query_string) or I do declare that keyword matching alone has issues :-) -- Helping to challengingly envisioneer eighth-generation network integrated turn-key bandwidth as

RE: Recent SQL Injection attacks

2010-01-16 Thread Al Musella, DPM
-Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Friday, January 15, 2010 2:44 PM To: cf-talk Subject: RE: Recent SQL Injection attacks For coldfusion, I use Fusionreactor.. I look at the request history, and you see the templates that were

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM
For coldfusion, I use Fusionreactor.. I look at the request history, and you see the templates that were recently called with the url parameters.. when an attack is in progress, you see a lot of them with big url parameters. Easy to see at a glance. Best part is then you can view the sql

RE: Recent SQL Injection attacks

2010-01-15 Thread Chung Chow
/cffunction -Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Friday, January 15, 2010 2:44 PM To: cf-talk Subject: RE: Recent SQL Injection attacks For coldfusion, I use Fusionreactor.. I look at the request history, and you see the templates that were

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM
-Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Friday, January 15, 2010 2:44 PM To: cf-talk Subject: RE: Recent SQL Injection attacks For coldfusion, I use Fusionreactor.. I look at the request history, and you see the templates that were

Re: Recent SQL Injection attacks

2010-01-14 Thread Peter Boughton
The qpscanner is ok in general but I want something that will only get me numeric variables that are not in a cfqueryparam. That is not enough to protect you! It is not hard to create injection attacks that bypass CF's auto-doubling of quotes. qpscanner deliberately errs on the side of

Re: Recent SQL Injection attacks

2010-01-14 Thread Michael Dinowitz
I know it's not enough but the point was that there has to be a priority in what gets fixed. If there are 300+ query vars to fix, which do you do first? My solution is to fix the numeric vars first and then fix everything else after. In the end it all gets done but until I get to the end, the

Re: Recent SQL Injection attacks

2010-01-14 Thread Peter Boughton
I think there's at least one or two more too. I should really make a note of them somewhere... Charlie Arehart's list. Pretty sure he's got all this listed in a security/similar category. Yep, here we go: http://www.carehart.org/cf411/#testing

Re: Recent SQL Injection attacks

2010-01-13 Thread Al Musella, DPM
I have been getting a lot lately... and had an interesting one. One computer was hammering my server. They were trying a dictionary attack on one of my forms, in addition to trying sql injection on every dynamic page. Strangely, the IP address of the attacker, 204.238.82.17, was from

RE: Recent SQL Injection attacks

2010-01-13 Thread Chad Gray
How do you guys monitor these attacks? The webserver logs? -Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Wednesday, January 13, 2010 12:34 PM To: cf-talk Subject: Re: Recent SQL Injection attacks I have been getting a lot lately... and had

Re: Recent SQL Injection attacks

2010-01-13 Thread Michael Dinowitz
: How do you guys monitor these attacks?  The webserver logs? -Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Wednesday, January 13, 2010 12:34 PM To: cf-talk Subject: Re: Recent SQL Injection attacks   I have been getting a lot lately... and had

Re: Recent SQL Injection attacks

2010-01-13 Thread Mike Little
Using cfformprotect I am doing an exercise whereby logging each offending IP address in a table. Next to each IP I am recording the number of times they reoffend. I am then using a block script (found from this site I think?)... !--- blacklist ip addresses --- cfset fName =
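The monitoring approach discussed in this part of the thread (spotting attack bursts in the request history, watching web server logs, and counting reoffending IPs before blocking them) can be scripted offline over an access log. The following is an added example, not code from any of the posters, cfformprotect or FusionReactor. It assumes Apache combined-format log lines, a constructed sample log embedded inline, a query-string length threshold of 60 characters and a block threshold of 3 suspicious requests per IP; all of those numbers are assumptions to tune for a real site. Because keyword matching alone is easy to evade, a request is only counted when it trips a strong signal (SQL keyword or tautology) or at least two weak ones (unusually long query string, quote/comment characters, a 500 response).

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache combined-style access log lines (not real traffic):
# one ordinary visitor, then one host probing every dynamic page.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jan/2010:12:30:01 -0500] "GET /product.cfm?id=42 HTTP/1.1" 200 5120
203.0.113.5 - - [13/Jan/2010:12:30:02 -0500] "GET /about.cfm HTTP/1.1" 200 2048
198.51.100.9 - - [13/Jan/2010:12:31:10 -0500] "GET /product.cfm?id=42;DECLARE%20@s%20VARCHAR(4000);SET%20@s=CAST(0x4445434C4152452040542056415243484152%20AS%20VARCHAR(4000)) HTTP/1.1" 500 612
198.51.100.9 - - [13/Jan/2010:12:31:11 -0500] "GET /news.cfm?id=7%20AND%201=1 HTTP/1.1" 200 3000
198.51.100.9 - - [13/Jan/2010:12:31:12 -0500] "GET /news.cfm?id=7%20AND%201=2 HTTP/1.1" 200 2990
198.51.100.9 - - [13/Jan/2010:12:31:13 -0500] "GET /search.cfm?q=%27%20OR%201%3D1-- HTTP/1.1" 500 612
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+$'
)
SQL_KEYWORD = re.compile(r"\b(declare|cast|exec|union|waitfor|xp_\w+)\b", re.IGNORECASE)
TAUTOLOGY = re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.IGNORECASE)
MAX_QS_LEN = 60            # assumed threshold; tune to the site's real URLs
STRONG = {"sql_keyword", "tautology"}


def parse_log(text):
    """Yield one dict per well-formed combined-format line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            d = m.groupdict()
            d["status"] = int(d["status"])
            yield d


def score_request(path, status):
    """Reasons a request looks like an injection probe. Keyword matching on
    its own is easy to evade, so several independent signals are combined."""
    decoded = unquote_plus(path.partition("?")[2])
    reasons = []
    if len(decoded) > MAX_QS_LEN:
        reasons.append("long_query_string")
    if SQL_KEYWORD.search(decoded):
        reasons.append("sql_keyword")
    if TAUTOLOGY.search(decoded):
        reasons.append("tautology")
    if "'" in decoded or "--" in decoded:
        reasons.append("quote_or_comment")   # weak on its own (think O'Brien)
    if status >= 500:
        reasons.append("server_error")       # the probe broke the query
    return reasons


def is_suspicious(reasons):
    """One strong signal, or two weak ones, counts as a hit."""
    return bool(STRONG & set(reasons)) or len(reasons) >= 2


def analyze(text, block_after=3):
    """Count suspicious requests per source IP and return the IPs that
    crossed the blocking threshold, as a firewall/blacklist script would."""
    hits = Counter()
    for req in parse_log(text):
        if is_suspicious(score_request(req["path"], req["status"])):
            hits[req["ip"]] += 1
    blocklist = {ip for ip, n in hits.items() if n >= block_after}
    return hits, blocklist


if __name__ == "__main__":
    hits, blocklist = analyze(SAMPLE_LOG)
    for ip, n in hits.most_common():
        flag = "  BLOCK" if ip in blocklist else ""
        print(f"{ip:16} {n} suspicious request(s){flag}")
```

Run against a real log, the per-IP counts give the "reoffender" table described above, and the returned blocklist is what would be handed to the firewall or the blacklist include. Treat the thresholds as a starting point: a site with legitimately long URLs or apostrophes in search terms will need the weak signals weighted down.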

Re: Recent SQL Injection attacks

2010-01-13 Thread Michael Dinowitz
Fast question. Has anyone seen an injection attack that used a field other than an integer? I've written a fast RegEx for use in Homesite (or any other regex using editor) that will find any query that has numeric 'looking' variables that are not in a cfqueryparam. While I have to change every

RE: Recent SQL Injection attacks

2010-01-13 Thread Mark Kruger
-Original Message- From: Michael Dinowitz [mailto:mdino...@houseoffusion.com] Sent: Wednesday, January 13, 2010 5:34 PM To: cf-talk Subject: Re: Recent SQL Injection attacks Fast question. Has anyone seen an injection attack that used a field other than an integer? I've written a fast

Re: Recent SQL Injection attacks

2010-01-13 Thread denstar
There's a project for that. I can't remember what it is off-hand, but I'm 100% sure there's a cfqueryparam-er.cfc out there, which does this. Maybe this one? : http://qpscanner.riaforge.org/ I think there's at least one or two more too. I should really make a note of them somewhere... It

RE: Recent SQL Injection attacks

2010-01-13 Thread brad
Maybe this one? : http://qpscanner.riaforge.org/ The other main one is http://www.webapper.com/blog/index.php/2008/7/22/ColdFusion-SQL-Injection I think a mash up or two might have cropped up in the past year too. ~Brad

Re: Recent SQL Injection attacks

2010-01-13 Thread Michael Dinowitz
The qpscanner is ok in general but I want something that will only get me numeric variables that are not in a cfqueryparam. The RegEx does that while putting the results in a single click position for me to edit immediately. My old cfqueryparam scanner allows for auto-insertion of cfqueryparam
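The scanner idea running through these posts (find every variable interpolated straight into a cfquery, report the unquoted numeric-looking ones first because nothing stands between the attacker and the SQL, but still report the quoted ones because quote doubling is bypassable) is simple enough to do outside the editor. The following is an added example and is not qpscanner, the webapper scanner, or the regex Michael describes; it is a small Python pass over CFML source with a constructed sample file embedded inline. It assumes double-quoted tag attributes, that every `#...#` inside a cfquery body is an interpolation, and that a `#var#` wrapped in single quotes is in string context while a bare one is in numeric context; it deliberately ignores cfqueryparam tags, which are the safe form.

```python
import re

# Constructed sample CFML, not from the thread: three queries with mixed hygiene.
SAMPLE_CFML = """
<cfquery name="getProduct" datasource="shop">
    SELECT * FROM products WHERE productID = #url.id#
</cfquery>
<cfquery name="getUser" datasource="shop">
    SELECT * FROM users WHERE username = '#form.username#'
</cfquery>
<cfquery name="getOrder" datasource="shop">
    SELECT * FROM orders
    WHERE orderID = <cfqueryparam cfsqltype="cf_sql_integer" value="#url.orderID#">
      AND status = '#url.status#'
</cfquery>
"""

QUERY_RE = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery>", re.IGNORECASE | re.DOTALL)
NAME_RE = re.compile(r'\bname\s*=\s*"([^"]*)"', re.IGNORECASE)
PARAM_RE = re.compile(r"<cfqueryparam\b[^>]*/?>", re.IGNORECASE | re.DOTALL)
INTERP_RE = re.compile(r"#([^#\n]+)#")


def scan_cfml(source):
    """Return one finding per #variable# interpolated directly into a
    <cfquery> body, i.e. not inside a <cfqueryparam> tag."""
    findings = []
    for qm in QUERY_RE.finditer(source):
        attrs, body = qm.group(1), qm.group(2)
        name_m = NAME_RE.search(attrs)
        qname = name_m.group(1) if name_m else "<unnamed>"
        # Blank out cfqueryparam tags with spaces (same length, so offsets
        # stay valid); their value="#x#" is the safe form and is not reported.
        masked = PARAM_RE.sub(lambda m: " " * len(m.group(0)), body)
        for im in INTERP_RE.finditer(masked):
            before = masked[im.start() - 1] if im.start() > 0 else ""
            after = masked[im.end()] if im.end() < len(masked) else ""
            quoted = before == "'" and after == "'"
            line = source.count("\n", 0, qm.start(2) + im.start()) + 1
            findings.append({
                "query": qname,
                "variable": im.group(1),
                "line": line,
                # Unquoted (numeric-looking) context: no escaping applies at
                # all, so these get fixed first. Quoted context: cfquery
                # doubles single quotes, which helps but is bypassable, so
                # these still need a cfqueryparam.
                "priority": "high" if not quoted else "medium",
            })
    return findings


def prioritized(findings):
    """High-priority (unquoted) findings first, then in file order."""
    order = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: (order[f["priority"]], f["line"]))


if __name__ == "__main__":
    for f in prioritized(scan_cfml(SAMPLE_CFML)):
        print(f"{f['priority']:6} line {f['line']:3} {f['query']}: #{f['variable']}#")
```

On the sample this reports `url.id` as high priority and `form.username` and `url.status` as medium, and says nothing about `url.orderID` because it already sits in a cfqueryparam. Pointing it at a directory of .cfm files gives the worklist described above: the high entries are the 300-plus-variable triage, the medium ones are what is left once those are done.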

Re: Recent SQL Injection attacks

2010-01-13 Thread Michael Dinowitz
Mark, Thanks. The client is on MS SQL so doing the numbers first looks like a good idea for him. Always good to prioritize work. -- Michael On Wed, Jan 13, 2010 at 6:39 PM, Mark Kruger mkru...@cfwebtools.com wrote: Michael, Yes... Certain types of installations of MySQL are subject to

Re: Recent SQL Injection attacks

2010-01-12 Thread Jerry Johnson
Yes. All from ip 91.212.226.161 Which we have blocked at our firewall. Annoying, but we saw these coming 2 summers ago, and took steps. On Tue, Jan 12, 2010 at 6:05 PM, Michael Dinowitz mdino...@houseoffusion.com wrote: Has anyone seen any recent SQL injection attacks on their sites or

Re: Recent SQL Injection attacks

2010-01-12 Thread Michael Dinowitz
Didn't know about that IP. Thanks They got in through some code that was written literally 10 years ago on one of the client's forgotten sites. I've fixed up the cfquery tags and added my anti-injection code to the whole dir. Thanks -- Michael On Tue, Jan 12, 2010 at 6:31 PM, Jerry Johnson