SELECT myitem, myphoto
FROM mystuff
WHERE Show=#URL.Show#
-----Original Message-----
From: Don Vawter [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 9:12 AM
To: CF-Talk
Subject: Re: Hacking CF Web Sites and Applications
Let us see the query where you used the url.show parameter. Also as an aid,
turn on debugging in cf and grab the actual generated query to see what your
db actually saw
----- Original Message -----
From: "Bosky, Dave" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Monday, August 13, 2001 7:02 AM
Subject: RE: Hacking CF Web Sites and Applications
> Using the url 'xxx.cfm?show=23;%20DROP%20TABLE%20MyStuff'
> I attempted to drop my table and it failed. Why didn't it drop the
> table? Either I've done something to prevent it that I'm unaware of or
> I used invalid syntax.
>
> -----------------------
> [Microsoft][ODBC Microsoft Access Driver] Characters found after end of
> SQL statement.
> -----------------------
>
> Thanks.
> Dave
>
>
>
>
>
> -----Original Message-----
> From: Don Vawter [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, August 12, 2001 11:01 AM
> To: CF-Talk
> Subject: Re: Hacking CF Web Sites and Applications
>
>
> I have a page on preventing url hacks which was derived from the
> school of hard knocks after it happened to me
> http://www.vawter.com/urlhack.cfm
>
> ----- Original Message -----
> From: "Daryl Fullerton" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Sunday, August 12, 2001 8:37 AM
> Subject: Hacking CF Web Sites and Applications
>
>
> > Hi all,
> >
> > Anyone got general advice on how to prevent hackers from getting
> > access to CF sites via back doors and tampering with data
> >
> > We don't want the hackers to be able to change data via URL strings.
> >
> > e.g. Encrypting URL variables etc
> >
> > Anything else we should look at
> >
> > Any good articles out there?
> >
> > Thanks
> >
> > Daryl Fullerton,
> > Managing Partner,
> > BizNet Solutions,
> > Allaire Premier Partner (Ireland)
> > 133 - 137 Lisburn Road
> > Belfast
> > BT9 7AG
> > N.Ireland
> >
> > Direct +44 (0) 28 9022 7888
> > Tel +44 (0) 028 9022 3224
> > Fax +44 (0) 028 9022 3223
>
> <snip>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
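The thread's query, `WHERE Show=#URL.Show#`, splices the URL value straight into the SQL text, and the only reason the `;DROP TABLE` attempt failed is that the Access ODBC driver refuses a second statement ("Characters found after end of SQL statement"). The following is an added example, not code from the thread or from any of its posters: it rebuilds the situation on an in-memory SQLite database (standing in for Access, whose Python binding likewise rejects stacked statements), shows what a driver that does run stacked statements would have done, and then shows the two defences a CF developer would apply: validating the parameter as an integer, and binding it as a parameter, which is what `<cfqueryparam cfsqltype="cf_sql_integer">` does in ColdFusion. The table layout and sample rows are constructed for the example.

```python
import sqlite3

# Constructed sample rows standing in for the mystuff table in the thread
# (Show key, item, photo); not data from the original posts.
SAMPLE_ROWS = [(23, "camera", "camera.jpg"), (24, "tripod", "tripod.jpg")]

# The URL value from the thread, URL-decoded: "23; DROP TABLE MyStuff".
HOSTILE_SHOW = "23; DROP TABLE MyStuff"


def make_db():
    """Fresh in-memory SQLite database with a small mystuff table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mystuff (Show INTEGER, myitem TEXT, myphoto TEXT)")
    conn.executemany("INSERT INTO mystuff VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def table_exists(conn):
    """True while the mystuff table is still present."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name='mystuff'"
    ).fetchone()
    return row is not None


def query_concatenated(conn, show):
    """Same shape as WHERE Show=#URL.Show#: the raw value is spliced into the
    SQL text.  Returns ("ok", rows) or ("rejected", message)."""
    sql = f"SELECT myitem, myphoto FROM mystuff WHERE Show={show}"
    try:
        return ("ok", conn.execute(sql).fetchall())
    except (sqlite3.ProgrammingError, sqlite3.Warning) as exc:
        # SQLite's Python binding refuses a second statement after the first,
        # much like the Access ODBC driver's "Characters found after end of
        # SQL statement" in the thread.  The table survives by driver accident.
        return ("rejected", str(exc))


def query_concatenated_batching_driver(conn, show):
    """The same concatenation on a driver that executes stacked statements
    (executescript stands in for such a driver).  Returns whether the table
    is still there afterwards."""
    conn.executescript(f"SELECT myitem, myphoto FROM mystuff WHERE Show={show}")
    return table_exists(conn)


def validate_show(raw):
    """Whitelist check for the URL parameter: only a plain integer is accepted."""
    if not raw.isdigit():
        raise ValueError(f"Show must be an integer, got {raw!r}")
    return int(raw)


def query_parameterized(conn, show):
    """Bound parameter, the equivalent of <cfqueryparam cfsqltype="cf_sql_integer">:
    the SQL text is fixed and the value travels separately, so it is never
    parsed as SQL."""
    return conn.execute(
        "SELECT myitem, myphoto FROM mystuff WHERE Show=?", (show,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(query_concatenated(db, HOSTILE_SHOW))                     # ('rejected', ...)
    print(query_parameterized(db, HOSTILE_SHOW), table_exists(db))  # [] True
    print(query_parameterized(db, validate_show("23")))             # [('camera', 'camera.jpg')]
    print(query_concatenated_batching_driver(make_db(), HOSTILE_SHOW))  # False
```

Don's advice to turn on CF debugging and read the generated SQL is exactly what `query_concatenated` makes visible: the hostile value becomes part of the statement text. With the bound parameter the same value is compared against the `Show` column as data, matches nothing, and the table is untouched regardless of what the driver does with semicolons.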