> The items in red are where your problem lies! A simple SQL statement via the URL
> could delete all data from your db. Have a look at your webserver log file, do
> a search for DELETE; if it's anywhere in the log file then see if it's a SQL
> statement. If so, that's the hacker; trace its IP address...
>
> To solve your probs in the future use #val(yourVariable)# for any integer used
> in your SQL clause, i.e. ## without the single quotes around it...

Just a couple of pieces of advice. First, I'd recommend using CFQUERYPARAM instead of Val in your inline SQL whenever possible. Second, in my experience, people aren't really interested in deleting your data usually. They'd much rather do something less visible but more useful (to them), like install rootkits on your database server. So, looking for DELETE in your web server log files and not finding it doesn't mean that you haven't been victimized.

> PS. There are many sites out there that do not know about this. I used to work
> for a company called RP Data who I told about this problem, but they don't care
> (or did not believe me). You can completely take over servers with this hole...
> www.massiveauctions.com is another one with the hole; I also told them but they
> don't care! Funny, people are playing with other people's personal information
> and they just don't care....

One final piece of advice. In general, you should probably avoid posting information about specific vulnerabilities on specific servers. Someday, someone may be held liable for negligence for doing that sort of thing - I think it's just a matter of time - and you probably don't want to be that person. It's analogous to me telling everyone that Ray Camden leaves his front door unlocked, and oh by the way he lives at ... (sorry for dragging you into this, Ray.)

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
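The three query styles discussed in this thread side by side, as an added CFML example that is not part of either poster's message; the datasource name, table and columns are assumed for illustration:

```cfml
<!--- 1. The hole the first poster describes: a URL value pasted straight into SQL text.
      Anything the client puts in ?id= becomes part of the statement the database runs. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, name FROM users WHERE id = #url.id#
</cfquery>

<!--- 2. The Val() workaround from the quoted post. Val() coerces the input to a number
      (non-numeric text becomes 0), so no SQL text from the URL reaches the query.
      It only helps for integer columns; a string column still gets raw interpolation. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, name FROM users WHERE id = #Val(url.id)#
</cfquery>

<!--- 3. Dave's recommendation: cfqueryparam. The value is sent to the driver as a bound
      parameter, never spliced into the SQL string, and cfsqltype rejects input that does
      not match the declared type. This covers strings as well as integers. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, name FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Same technique on a string column, where Val() would not have applied.
      maxlength bounds the parameter so oversized input is refused before the query runs. --->
<cfquery name="getUserByName" datasource="myDSN">
    SELECT id, name FROM users
    WHERE name = <cfqueryparam value="#url.name#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>
```

With style 3 a type mismatch raises a ColdFusion error before any SQL executes, which is also a useful signal to log and alert on rather than silently coercing as Val() does.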

