Dave... What other ways are there? I know of two: EXEC and EXECUTE.
-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2008 1:05 PM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

> Even easier than monkeying with every single one of your cfquery's....
> just add following line to the TOP of all your
> application.cfm's:
>
> <cfif cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains
> "EXEC(" OR cgi.QUERY_STRING contains "EXEC("><cfabort></cfif>

That would stop this specific problem, but would be easily circumvented by using one of the other mechanisms for executing strings on SQL Server.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309373

