If you block this at the webserver, or better yet network level, you won't incur any processing overhead, and less-than-secure code is at least a bit protected.
Some Apache rewrite rules have been posted that will at least stop it at the webserver level, and I think someone posted the IIS plugin deal equivalent, too.

:den

--
In all the areas within which the spiritual life of humanity is at work, the historical epoch wherein fate has placed us is an epoch of stupendous happenings.
Edmund Husserl

On Mon, Apr 19, 2010 at 4:07 PM, Al Musella, DPM wrote:
>
> I can't believe I got hit again. One of my old pages that is no longer linked into the website didn't have a cfqueryparam.. I deleted it from my local machine but forgot to delete it from the server.
>
> I have a generic checker in my cfapplication, but it missed this one.. here is the sequence of events:
>
> 1. They tried this on thousands of pages and found 1 where it worked.. (I am leaving off the domain name and page. This is just the query string.)
>
> ?item=471+or+1=(%73%65%6C%65%63%74+DATA_TYPE+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=char(080)%2Bchar(97)%2Bchar(121)%2Bchar(80)%2Bchar(97)%2Bchar(108)+AND+COLUMN_NAME=char(080)%2Bchar(97)%2Bchar(105)%2Bchar(100)%2Bchar(100)%2Bchar(97)%2Bchar(116)%2Bchar(101))-
>
> 2. For every table in the database, they did this: It was automated because it happened in a few seconds..
>
> item=471+update+dvds+set+fname1=SUBSTRING(fname1,0,CHARINDEX(char(60)%2Bchar(116)%2Bchar(111)%2Bchar(116)%2Bchar(62),cast(fname1+as+varchar(8000)))-0)--
>
> It came from one IP address: 94.102.52.27 in the Netherlands.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333013

