Hi Mark,
You missed the first part of my post... they actually look up all
of the table names and field names! They don't do it by throwing random errors!
And it replaced all of the text instead of appending. Appending is
easier to fix. Luckily nothing of importance is stored in that
database and I had daily backups. Had to go back a week to get the
uninfected backup.
This was a really simple website I must have written in ColdFusion
version 2 for a friend and haven't touched it in many years.
The same attack was tried on my main website but didn't work.
At 06:44 PM 4/19/2010, you wrote:
>Al,
>
>These sorts of attacks increase and decrease in waves, unfortunately. I spent
>a few hours fixing a customer server this week myself. Very similar
>codewise:
>
>http://www.coldfusionmuse.com/index.cfm/2010/4/16/SQLi-char-urchin
>
>
>-Mark
>
>Mark A. Kruger, MCSE, CFG
>(402) 408-3733 ext 105
>www.cfwebtools.com
>www.coldfusionmuse.com
>www.necfug.com
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333020