<!--- Check every posted form field for the injection signature --->
<cfparam name="form.fieldnames" default="">
<cfset injectionDetected = false>
<cfloop list="#form.fieldnames#" index="myfield">
  <!--- form[myfield] replaces evaluate("form."&myfield); `contains` is case-insensitive --->
  <cfif form[myfield] contains "CHAR(" and form[myfield] contains "EXEC(">
    <cfset injectionDetected = true>
    <cfbreak>
  </cfif>
</cfloop>

<!--- Check the URL (raw query string) as well, except on urlfix.cfm --->
<cfif not cgi.SCRIPT_NAME contains "urlfix.cfm"
      and cgi.QUERY_STRING contains "CHAR(" and cgi.QUERY_STRING contains "EXEC(">
  <cfset injectionDetected = true>
</cfif>

<cfif injectionDetected>
  SQL INJECTION ATTEMPT
  <!--- Lets block this ip. REMOTE_ADDR is always the client IP; REMOTE_HOST can be
        empty or a hostname. Values go through cfqueryparam so this logging insert
        is not itself injectable. --->
  <cfquery name="qBlockInjection" datasource="security" timeout="5">
    insert into blockedip (ip, note)
    values (
      <cfqueryparam value="#cgi.REMOTE_ADDR#" cfsqltype="cf_sql_varchar">,
      <cfqueryparam value="SQL INJECTION on #cgi.path_translated#" cfsqltype="cf_sql_varchar">
    )
  </cfquery>

  <cfset subject = "SQL INJECTION ATTEMPT - #cgi.path_translated#">
  <cfparam name="additionaldata" default="#structnew()#"> <!--- Error handler variable --->
  <cfinclude template="/globalincludes/senderror.cfm">
  <cfabort>
</cfif>

If you don't have query params on everything, you can check all scopes too
and filter out the data. I have about 15000+ attempts on some of my sites.


On Wed, Sep 3, 2008 at 8:44 AM, Erika L. Walker <[EMAIL PROTECTED]>wrote:

> Ahhh. Timing sucks. Glad things are fixed ...
>
> We keep a month's worth usually - but do have some sites with a 3 month
> store. And thanks heavens for that sometimes ...
>
> On Wed, Sep 3, 2008 at 8:33 AM, Tony <[EMAIL PROTECTED]> wrote:
>
> > all things are good.
> >
> > the client didn't notice until the weekly queue of held backups starts
> > to write over itself  :(
> >
> >
>
>
> 
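The checks in the post above, reproduced as an added Python example (not code from the post or the list) so they can be run against sample requests. It models the two views of a request the post's CFML touches: cgi.QUERY_STRING is the raw query string as the client sent it, while the form and url scopes hold URL-decoded values. The query strings and form fields below are constructed, not captured traffic; the SQL inside them is just the "declare a string, build it with CHAR(), EXEC() it" shape the post's signature targets.

```python
"""Signature check from the list post, reproduced in Python.  Added example,
not code from the post.  Constructed sample requests at the bottom."""
from __future__ import annotations

from urllib.parse import parse_qsl

# The post blocks only when BOTH fragments are present; CFML's `contains`
# is case-insensitive, so compare upper-cased.
SIGNATURE = ("CHAR(", "EXEC(")


def matches_signature(value: str) -> bool:
    """True when every fragment of SIGNATURE occurs in value, ignoring case."""
    upper = value.upper()
    return all(fragment in upper for fragment in SIGNATURE)


def raw_query_string_hit(query_string: str) -> bool:
    """The post's URL check: the undecoded query string, taken as a whole."""
    return matches_signature(query_string)


def decoded_param_hits(query_string: str) -> list[str]:
    """Names of URL parameters whose *decoded* value matches, i.e. what
    ColdFusion's url scope would hold after %28 -> ( and %29 -> )."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return [name for name, value in pairs if matches_signature(value)]


def form_field_hits(form_fields: dict[str, str]) -> list[str]:
    """The post's form loop: form values are already decoded by the server."""
    return [name for name, value in form_fields.items() if matches_signature(value)]


def scan_request(form_fields: dict[str, str], query_string: str) -> dict:
    """Run all three checks and report whether the post's code would block."""
    form_hits = form_field_hits(form_fields)
    raw_hit = raw_query_string_hit(query_string)
    url_hits = decoded_param_hits(query_string)
    return {
        "form_hits": form_hits,
        "raw_query_hit": raw_hit,
        "url_param_hits": url_hits,
        # The post's code blocks on a form hit or a raw query-string hit.
        "blocked_by_post": bool(form_hits) or raw_hit,
        # Checking decoded url parameters as well catches percent-encoded parens.
        "blocked_if_decoded": bool(form_hits) or raw_hit or bool(url_hits),
    }


# Constructed sample requests (not captured traffic).  Semicolons and the
# second "=" are percent-encoded as a client would send them.
PLAIN_QS = ("id=1%3Bdeclare%20@s%20varchar(4000)%3Bset%20@s=char(68)%2Bchar(82)"
            "%3Bexec(@s)")
# Same statement, but the attacker also percent-encoded every parenthesis.
ENCODED_QS = ("id=1%3Bdeclare%20@s%20varchar%284000%29%3Bset%20@s%3Dchar%2868%29"
              "%2Bchar%2882%29%3Bexec%28@s%29")
# Benign search: "exec() char count" has EXEC( but no CHAR(, so no block.
BENIGN_QS = "q=exec%28%29+char+count&page=2"
INJECTED_FORM = {"name": "Tony", "comment": "x');EXEC(CHAR(0x73)+CHAR(0x70))--"}

if __name__ == "__main__":
    for label, qs in (("plain", PLAIN_QS), ("encoded", ENCODED_QS), ("benign", BENIGN_QS)):
        print(label, scan_request({}, qs))
    print("form", scan_request(INJECTED_FORM, ""))
```

Two things the run shows. The whole-string check on the raw query string misses ENCODED_QS entirely, because "CHAR%28" is not "CHAR(", while a per-parameter check on the decoded values (what the post's form loop already does for the form scope) catches it. And "varchar(4000)" alone satisfies the CHAR( fragment, so the signature is looser than it looks. Either way this is a tripwire for logging and blocking, not a defense: the post's own advice, cfqueryparam on every query, is what actually stops the injection.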

Archive: 
http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:267596