Ah.. Thank you. On Fri, Nov 18, 2011 at 9:05 AM, Aaron <[email protected]> wrote: > > That is an attempted SQL Injection. @@VERSION returns all the goodies you > would expect, and offers information an attacker might be able to use to > better expoit. > > MS SQL Server @@VERSION: > http://msdn.microsoft.com/en-US/library/ms177512(v=SQL.90).aspx > > > > On Fri, Nov 18, 2011 at 11:02 AM, Wil Genovese <[email protected]> wrote: > >> >> No clue what they are after, but I have been seeing that in my error >> notification alerts the week. Good old cfqueryparam has been working like >> a charm! >> >> >> >> Wil Genovese >> Sr. Web Application Developer/ >> Systems Administrator >> CF Webtools >> www.cfwebtools.com >> >> [email protected] >> www.trunkful.com >> >> On Nov 18, 2011, at 10:57 AM, "Claude Schnéegans <schneegans"@ >> internetiq.trunkful.com wrote: >> >> > >> > Hi, >> > >> > Since a few days, I have all my sites receiving requests in which a >> string like "/**/or/**/1=@@version)--" is added in the URL. >> > >> > Has someone any idea what this guy is actually trying to do ? >> > >> > >> >> > >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:348815 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
