In your select statement, if you wrapped your where whatever = 23 in single
quotes, or in a val() statement, either of those would keep that from
happening.  Which is a good thing.
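The two fixes suggested above (quoting the value, or running it through Val()) and the stacked-statement payload Dave tried below, reproduced in Python with sqlite3 as an added example; this is not code from the thread or from ColdFusion. The sample MyStuff table is constructed for the example, cf_val() is a hypothetical integer-only approximation of ColdFusion's Val(), and parameter binding stands in for <cfqueryparam>. It also shows, as a caveat, what sqlite does with the same input when one call may carry several statements, and that a quoted literal still breaks on an embedded quote.

```python
import re
import sqlite3

# Constructed stand-in for the thread's MyStuff table (not real data).
SCHEMA = """
CREATE TABLE MyStuff (id INTEGER PRIMARY KEY, title TEXT, private INTEGER);
INSERT INTO MyStuff VALUES (23, 'public item', 0);
INSERT INTO MyStuff VALUES (24, 'private item', 1);
"""


def make_db():
    """Fresh in-memory database with the sample table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def cf_val(s):
    """Hypothetical approximation of ColdFusion's Val(): the leading integer
    of the string, or 0 when there is none (decimals are ignored here)."""
    m = re.match(r"\s*([-+]?\d+)", str(s))
    return int(m.group(1)) if m else 0


def query_unquoted(conn, show):
    """Vulnerable: the URL value is pasted into the SQL text as-is.
    Mirrors  WHERE id = #url.show#  inside a <cfquery>."""
    sql = f"SELECT id, title FROM MyStuff WHERE id = {show}"
    return conn.execute(sql).fetchall()


def query_single_quoted(conn, show):
    """The 'wrap it in single quotes' approach: WHERE id = '#url.show#'.
    The whole value becomes one string literal, so a '; DROP ...' suffix
    no longer starts a second statement, but a quote inside the value
    still terminates the literal early."""
    sql = f"SELECT id, title FROM MyStuff WHERE id = '{show}'"
    return conn.execute(sql).fetchall()


def query_val(conn, show):
    """The Val() approach: coerce to a number before the value touches SQL."""
    sql = f"SELECT id, title FROM MyStuff WHERE id = {cf_val(show)}"
    return conn.execute(sql).fetchall()


def query_bound(conn, show):
    """Parameter binding (the <cfqueryparam> equivalent): the value is sent
    separately from the SQL text and is never parsed as SQL."""
    return conn.execute(
        "SELECT id, title FROM MyStuff WHERE id = ?", (show,)
    ).fetchall()


def table_exists(conn):
    """True while the MyStuff table is still in the schema."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='MyStuff'"
    ).fetchone()
    return row[0] == 1


def query_unquoted_stacking(conn, show):
    """Same vulnerable SQL text, but run through an API that executes every
    statement in the string (executescript). Returns whether the table
    survived, so the effect of a stacked DROP is visible."""
    sql = f"SELECT id, title FROM MyStuff WHERE id = {show}"
    conn.executescript(sql)
    return table_exists(conn)


def run(builder, show):
    """Run one query builder against a fresh database. Returns the rows, or a
    'rejected: ...' string when the driver refuses the SQL text. sqlite's
    execute() allows only one statement per call, which is the analogue of
    the Access ODBC 'Characters found after end of SQL statement' error."""
    conn = make_db()
    try:
        return builder(conn, show)
    except (sqlite3.Warning, sqlite3.Error) as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    payloads = ["23", "23; DROP TABLE MyStuff", "23 OR 1=1", "23' OR '1'='1"]
    builders = [("unquoted", query_unquoted), ("single-quoted", query_single_quoted),
                ("val()", query_val), ("bound", query_bound)]
    for name, builder in builders:
        for p in payloads:
            print(f"{name:14} {p!r:28} -> {run(builder, p)}")
    survived = query_unquoted_stacking(make_db(), "23; DROP TABLE MyStuff")
    print("MyStuff still exists after stacked DROP:", survived)
```

The table of results is the point: with the unquoted build, the stacked DROP is refused by a one-statement-per-call driver but "23 OR 1=1" returns every row, and the same DROP succeeds the moment the driver accepts batches; the single-quoted form stops both of those yet falls to a payload containing a quote; Val() and parameter binding return only row 23 for every payload.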

-----Original Message-----
From: Bosky, Dave [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 9:02 AM
To: CF-Talk
Subject: RE: Hacking CF Web Sites and Applications


Using the URL 'xxx.cfm?show=23;%20DROP%20TABLE%20MyStuff'
I attempted to drop my table and it failed. Why didn't it drop the table?
Either I've done something to prevent it that I'm unaware of or I used
invalid syntax.
 
-----------------------
[Microsoft][ODBC Microsoft Access Driver] Characters found after end of SQL
statement.
-----------------------

Thanks.
Dave





-----Original Message-----
From: Don Vawter [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, August 12, 2001 11:01 AM
To: CF-Talk
Subject: Re: Hacking CF Web Sites and Applications


I have a page on preventing url hacks which was derived from the school of
hard knocks after it happened to me http://www.vawter.com/urlhack.cfm

----- Original Message -----
From: "Daryl Fullerton" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, August 12, 2001 8:37 AM
Subject: Hacking CF Web Sites and Applications


> Hi all,
>
> Anyone got general advice on how to prevent hackers from getting
> access to CF sites via back doors and tampering with data
>
> We don't want the hackers to be able to change data via URL strings.
>
> e.g. encrypting URL variables etc.
>
> Anything else we should look at
>
> Any good articles out there?
>
> Thanks
>
> Daryl Fullerton,
> Managing Partner,
> BizNet Solutions,
> Allaire Premier Partner (Ireland)
> 133 - 137 Lisburn Road
> Belfast
> BT9 7AG
> N.Ireland
>
> Direct +44 (0) 28 9022 7888
> Tel  +44 (0) 028 9022 3224
> Fax +44 (0) 028 9022 3223

<snip>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
