> Can this be done through a URL? Yes, easily.
> Does the list of fields that have been injected provide any > clue about how or where the injection attack occurred? How > do these guys, or their program, know my table names and my > field names? I have some very obscure field names, and they > still get them injected - they are not guessing these things, > they know the name of the field. > > If I wanted to duplicate what they did, I would write a loop > that would go through every record in the table, and CFUPDATE > that particular record. In fact, I wrote scripts like this > to remove this junk, setting the record back to what it was > before the injection. How do they do this? Your database contains all its object names in metadata tables, which can be queried directly. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310409 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
