Fuseguard: http://foundeo.com/security/
Just add a couple lines to your App.cfc or App.cfm and bam, you're secure. Worked awesome for a legacy CFML application that one of our customers was having major SQL injection problems with.

Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Community Distributions

Al Musella, DPM wrote:
> I can't believe I got hit again. One of my old pages that is no longer linked into the website didn't have a cfqueryparam.. I deleted it from my local machine but forgot to delete it from the server.
>
> I have a generic checker in my cfapplication, but it missed this one.. Here is the sequence of events:
>
> 1. They tried this on thousands of pages and found 1 where it worked.. (I am leaving off the domain name and page. This is just the query string.)
>
> ?item=471+or+1=(%73%65%6C%65%63%74+DATA_TYPE+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=char(080)%2Bchar(97)%2Bchar(121)%2Bchar(80)%2Bchar(97)%2Bchar(108)+AND+COLUMN_NAME=char(080)%2Bchar(97)%2Bchar(105)%2Bchar(100)%2Bchar(100)%2Bchar(97)%2Bchar(116)%2Bchar(101))-
>
> 2. For every table in the database, they did this. It was automated because it happened in a few seconds..
>
> item=471+update+dvds+set+fname1=SUBSTRING(fname1,0,CHARINDEX(char(60)%2Bchar(116)%2Bchar(111)%2Bchar(116)%2Bchar(62),cast(fname1+as+varchar(8000)))-0)--
>
> It came from one IP address: 94.102.52.27 in the Netherlands.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333006
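As an added illustration (not code from this thread or from FuseGuard) of what the missing cfqueryparam changes, assuming the affected page looked up the `dvds` table by an integer `id` column through a datasource held in `application.dsn` (column names and datasource are assumptions, only the table name is from the post):

```cfml
<!--- Vulnerable: url.item is pasted into the SQL text. With
      ?item=471+or+1=(select ...) the WHERE clause becomes
      "WHERE id = 471 or 1=(select ...)" and the injected subquery
      runs with the application's database permissions. --->
<cfquery name="getItem" datasource="#application.dsn#">
    SELECT id, title FROM dvds WHERE id = #url.item#
</cfquery>

<!--- Hardened: the value is bound as a typed parameter, so it is
      never part of the SQL text. With cf_sql_integer a value such as
      "471 or 1=(select ...)" fails type validation and the query is
      not sent at all, regardless of how the payload is encoded. --->
<cfquery name="getItem" datasource="#application.dsn#">
    SELECT id, title FROM dvds
    WHERE id = <cfqueryparam value="#url.item#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Defence in depth in Application.cfc (assumed layout): reject a
      non-numeric item id at the front door. This complements, and does
      not replace, cfqueryparam in every query. --->
<cffunction name="onRequestStart" returntype="boolean">
    <cfargument name="targetPage" type="string" required="true">
    <cfif structKeyExists(url, "item") AND NOT isValid("integer", url.item)>
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfif>
    <cfreturn true>
</cffunction>
```

Note that the `char(...)` concatenation in the logged payloads is exactly the kind of encoding a keyword blacklist in a "generic checker" tends to miss, whereas the integer type check and the bound parameter reject it without inspecting its contents.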