The attempts are based on a google search of .cfm files with parameters that can be exploited.
(They have automated the page search, as well as the attack itself.) It is not a cf specific attack, but is also nailing php, asp, and .net sites. Here is a decent writeup of it all. http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx On Mon, Jul 21, 2008 at 4:05 PM, Che Vilnonis <[EMAIL PROTECTED]> wrote: > For me, all attempts are focusing on rss.cfm. Another post said they saw > sitemap.cfm being hit. Can anyone confirm any other templates that are > being > hit? Perhaps only 'commonly named' templates are being hit? > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309388 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
