cf forum perhaps? http://web.archive.org/web/20071226130838rn_1/www.cfcode.com/cfforum/
With this? *cfforum-forummessages-sql-injection (47234)* http://xforce.iss.net/xforce/xfdb/47234 Here is a thread which is discussing the issues that customers were having with SQL injection attacks with that software: http://74.125.95.132/search?q=cache:rpWLYB_1Q1AJ:www.cfcode.com/cfforum/printthread.cfm%3FForum%3D9%26Topic%3D1568+cfforum+security&cd=4&hl=en&ct=clnk&gl=us&client=iceweasel-a A google search of site:cfcode.com shows that the software makes registered members usernames available to Google spiders through the whois.cfm, which would make a brute force attack fairly easy... Just a heads-up for anyone running this software. speeves On Tue, May 12, 2009 at 8:47 AM, Shannon Peevey <[email protected]> wrote: > whois is our friend :) Robert has been contacted. > > > On Tue, May 12, 2009 at 8:41 AM, Gerald Guido <[email protected]>wrote: > >> >> Not to add insult to injury but this is too funny. >> >> From the domain tools listing page: >> Front Page Information Website Title: HaCKeD By >> EL_MuHaMMeD<http://www.cfcode.com/> Title >> Relevancy 100% >> >> >> On Tue, May 12, 2009 at 10:25 AM, Peter Boughton <[email protected] >> >wrote: >> >> > >> > I guess talking to Robert would be a good start... >> > >> > http://whois.domaintools.com/cfcode.com >> > >> > >> > >> > >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:322419 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
