Andy: Unfortunately, I don't have the SQL Injection code. From what I can gather, the attack resulted in a whole bunch of copies of some PHP code that essentially gives the user access to both the file system and the database. I'm still working on getting the log files from the web host (FTP is down for some reason) but with the PHP files, they could have changed the database without having to do so via the URL.
-- Mosh Teitelbaum evoch, LLC Tel: (301) 942-5378 Fax: (301) 933-3651 Email: mosh.teitelb...@evoch.com WWW: http://www.evoch.com/ > -----Original Message----- > From: Andy Matthews [mailto:li...@commadelimited.com] > Sent: Wednesday, October 21, 2009 3:49 PM > To: cf-talk > Subject: RE: After the fact: SQL Injection Scanner > > > Mark's right. If you have the SQL injection code, you can essentially > reverse engineer it and use it as a blueprint to fix the problems. > > > andy > > -----Original Message----- > From: Mosh Teitelbaum [mailto:mosh.teitelb...@evoch.com] > Sent: Wednesday, October 21, 2009 2:10 PM > To: cf-talk > Subject: After the fact: SQL Injection Scanner > > > All: > > > > A client called today letting me know that their server had been > breached > and that some malicious code had been uploaded to the site. After > doing > some research into the particular files that were uploaded, it turns > out > that the attack is also usually accompanied by a SQL Injection attack. > Their database is huge and, instead of manually going through the > database > looking for altered records, I thought to write some code that would > scan > the records and report any potential problems. Before doing that, does > anyone know of any existing code that does that? > > > > Thanks in advance. > > > > -- > > Mosh Teitelbaum > > evoch, LLC > > Tel: (301) 942-5378 > > Fax: (301) 933-3651 > > WWW: http://www.evoch.com/ > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327469 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
