By default it will redirect back to the root domain (/), but that can be modified in the file or easily changed to a CFABORT as well.
To trigger it for testing you'll need a SQL keyword and a semi-colon in the same URL variable, for example... /product.cfm?id=4;declare() ....would trigger it. -Justin Scott ------- Original Message ------- >From : morchella[mailto:[EMAIL PROTECTED] Sent : 8/7/2008 6:39:26 PM To : [email protected] Cc : Subject : RE: Re: HELP! SQL Injection Attack! does Justin's file redirect the intruder? i tried passing /products/index.cfm?n1Id=1&FOREIGN=test but nothing happened i am including the file in my application.cfm modified the email & such.. how can i test it ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310460 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
