not sure what the earlier messages were in this thread but....

>>Quick question, the dropping of tables seems very destructive, and of
>>little point other than trashing a site.

Absolutely - that's why you should tie this down in your code so hackers
can't exploit it.

>>Is it possible to construct more "useful" queries to run piggy back,
>>i.e. the SQL to display all the tables in a database, the fields in a
>>table, or the data in a field(s)? I'm not asking for examples, just if
>>it's theoretically possible.

You can run any valid SQL statement against the DB.  Whether it will execute
correctly is down to the permissions that the user has that the DSN is
using.  You won't however be able to display the results of your query
unless the CF code does so.


-----Original Message-----
From: Daniel Kemp [mailto:[EMAIL PROTECTED]]
Sent: 04 July 2001 17:44
To: CF-Talk
Subject: RE: URL Hacks


> -----Original Message-----
> From: Don Vawter [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 13, 2001 7:10 PM
> To: CF-Talk
> Subject: URL Hacks

> If anyone has any interest it is at:
http://www.vawter.com/urlhack.cfm

Quick question, the dropping of tables seems very destructive, and of
little point other than trashing a site.

Is it possible to construct more "useful" queries to run piggy back,
i.e. the SQL to display all the tables in a database, the fields in a
table, or the data in a field(s)? I'm not asking for examples, just if
it's theoretically possible.

Having the data deleted is easy to recover from (if not careless),
having someone view your data, or database construction would seem to
be a lot worse.

Cheers,
Dan.
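
The two controls the reply names, binding the URL value in code and limiting what the datasource account may do, shown as an added example that is not part of the original thread. It uses Python's sqlite3 as a stand-in for the ColdFusion datasource; the table names, the sample URL value and the authorizer policy are constructed for illustration.

```python
import sqlite3

PIGGYBACK = "1; DROP TABLE products"  # constructed URL value of the kind the thread discusses

def make_db():
    """Constructed sample database: one table the page needs, one it does not."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT);
        INSERT INTO products VALUES (1, 'widget');
        INSERT INTO customers VALUES (1, 'a@example.test');
    """)
    return db

def table_names(db):
    rows = db.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return sorted(r[0] for r in rows)

def lookup_concatenated(db, url_id):
    # Weak form: the URL value becomes part of the SQL text. executescript()
    # stands in for a driver that accepts several statements in one call.
    db.executescript("SELECT name FROM products WHERE id = " + url_id)

def lookup_bound(db, url_id):
    # Tied down: the value is bound as data and is never parsed as SQL.
    return db.execute("SELECT name FROM products WHERE id = ?", (url_id,)).fetchall()

def restrict_to_products(db):
    # Stand-in for a datasource account that may only SELECT from products.
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == "products":
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    db.set_authorizer(authorizer)

def denied(db, url_id):
    """True if the account's permissions stopped the concatenated query."""
    try:
        lookup_concatenated(db, url_id)
    except sqlite3.DatabaseError:
        return True
    return False
```

With the bound form the whole URL value is compared against `id` and matches nothing; with the restricted account the second statement is refused even when the code still concatenates, and the schema and the `customers` table are unreadable.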


