Doooooooh! I just got through cleaning the results of this attack out of a client's database! They have a very old CF application that was poorly written and has no cfqueryparams! I must have cleaned 10 tables so far... Funny part is, I warned my client several months ago, after seeing evidence of a SQL injection in his DB, that he needed to at the very least purchase an application firewall to protect his sites. After running a trial of a popular application firewall, he decided not to spend the money or try to deal with the ongoing tweaking required so that his site visitors are not affected by the firewall. Needless to say, his security holes just cost him a lot more money and downtime due to this latest attack.

