Just to put the record straight it is entirely possible to create files using SQL scripts if permissions allow it.
That SQL Injection was possible was demonstrated to Allaire by putting a file in the C:\ directory of their main production website using SQL Injection... :-) On 14/11/2012 8:47 AM, Nathan Strutz wrote: > > ... No standard exploit will inject CFML into a page-- -- Yours, Kym Kovan mbcomms.net.au ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353150 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
