I think it sounds like one developer was trying to destroy your search
ranking by giving googlebot to an obvious spam page.  (don't they know
about robots.txt?) Too bad for you guys, google now makes a web browser,
and thus your problem. No standard exploit will inject CFML into a page
unless you're dynamically generating cfm files, then maybe it was a cheap
XSS hack that found its way into a really lucky spot - that still doesn't
explain why the XSS would be written in CFML. Just take out the evil code,
apologize for all of your previous developers and move on.

I mean, unless you can prove who did it. Source control (like Git) would do
that. For me, this would be a no-brainer, I can see exactly who committed
what.

nathan strutz
[www.dopefly.com] [hi.im/nathanstrutz] [about.me/nathanstrutz]


On Tue, Nov 13, 2012 at 2:37 PM, Matt Quackenbush <[email protected]> wrote:

>
> It doesn't have to have queries on it. Does it output data?
>
> That said, it sounds like some other sort of exploit.
>
>
> On Tue, Nov 13, 2012 at 3:30 PM, Les Mizzell <[email protected]>
> wrote:
>
> >
> >  > Issues like this are typically caused by either SQL injection (i.e.
> > didn't use cfqueryparam) or
> >  > some sort of FTP vulnerability. My first step would be to make sure
> > that *every*
> >  > cfquery that accepts any input of any kind from users is utilizing
> > cfqueryparam.
> >
> > Everything is "paramed" to the hilt - I sanitize all form vars BEFORE
> > the query, and then use cfqueryparam on top of that ... so I'm guessing
> > we're looking at an FTP vulnerability.
> >
> > Question though - how could an injection attempt on an unprotected query
> > add a piece of script to a static page that doesn't even have any
> > queries on it?
> > I'd kinda like to see what that looked like, if it's possible...

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353147