Josh R wrote:
> This may be simple minded, but you don't need to know every word they use. A
> filter that elaborate would make a site practically useless. However, most
> (actually all) hacks must contain a specific syntax to initiate the security
> hole. For example, the URL attacks on you followed a
> "...90;%20DROP%20TABLE%20IMAGES..." syntax. My script just looks for a
> hardly-used-always-the-same portion of that needed syntax such as
> ";%20DROP%20TABLE%20" to trigger the lockout.
>
> I've had some pretty good responses to my little script. It doesn't cover
> every known hack, but then what does? It's better than just complaining
> about the problem.
>
> BTW, I'm on the lookout for more "hack syntax" that I can incorporate into
> the script. I've added all the ones I know of. If you know of specific
> coding that is incorporated through a CFM page, please email me OFF LIST so
> I can see about increasing the power of my cf_antihack script.
Why a filter looking for words in a URL?
AFAIK the issue is that code (like DROP, INSERT, DELETE, UPDATE, ALTER
and possibly functions/vbscript etc.) is executed in the database. What
code can be executed? Wouldn't that be code that is not escaped? So that
means that everything between proper quotes is safe by definition. What
is left is dates, numbers etc. Well, simply use cfqueryparam for them
and you are done.
Or am I misunderstanding something here?
Jochem
PS Some suggestions for Josh:
- check formfields too
- URLDECODE everything so you can use regex pattern matching
(instead of ";%20DROP%20TABLE%20" match
"[[:space:]]*;[[:space:]]*drop[[:space:]]*table[[:space:]]*" so I can't
simply replace a space with a tab and bypass your filter
- check for all the abovementioned statements
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
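The two points made in the thread, the tab/encoding bypass of a literal-substring filter and the fact that a bound parameter makes such a filter unnecessary, as an added example that is not part of the original mail or of the cf_antihack script. It is written in Python rather than CFML so it can run stand-alone: the in-memory SQLite table, the IMAGES row and the five payloads are constructed for the demonstration, `josh_filter_blocks` reproduces the described ";%20DROP%20TABLE%20" substring check, `decoded_filter_blocks` is an adaptation of Jochem's URL-decode-then-regex suggestion (with `\s+` between DROP and TABLE and the other statements he lists added), and `safe_lookup` plays the role of a cfqueryparam-bound query.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# --- 1. The URL blacklist and how it is bypassed ----------------------------

# The filter as described in the thread: a literal, case-sensitive substring
# match on the raw (still URL-encoded) query string.
JOSH_SIGNATURE = ";%20DROP%20TABLE%20"

def josh_filter_blocks(raw_query):
    return JOSH_SIGNATURE in raw_query

# Jochem's suggestion, adapted: URL-decode first, then match with a regex that
# tolerates any whitespace and ignores case, and cover the other statements he
# lists. (\s is Python's spelling of POSIX [[:space:]].)
STATEMENT_RE = re.compile(
    r";\s*(drop\s+table|insert\s+into|delete\s+from|update|alter)\b",
    re.IGNORECASE,
)

def decoded_filter_blocks(raw_query):
    return STATEMENT_RE.search(unquote_plus(raw_query)) is not None

# Constructed payloads, each a variation of the "...90;%20DROP%20TABLE%20IMAGES..."
# attack quoted in the thread.
PAYLOADS = {
    "original":       "id=90;%20DROP%20TABLE%20IMAGES",
    "tab_for_space":  "id=90;%09DROP%09TABLE%09IMAGES",   # Jochem's tab bypass
    "lower_case":     "id=90;%20drop%20table%20images",
    "encoded_semi":   "id=90%3B%20DROP%20TABLE%20IMAGES",
    "plus_for_space": "id=90;+DROP+TABLE+IMAGES",
}

def compare_filters():
    """Return {payload name: (josh_blocks, decoded_blocks)} for every payload."""
    return {name: (josh_filter_blocks(q), decoded_filter_blocks(q))
            for name, q in PAYLOADS.items()}

# --- 2. Why a bound parameter makes the filter unnecessary ------------------

def demo_database():
    """In-memory stand-in for the IMAGES table the attack tried to drop (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO images VALUES (90, 'logo.gif')")
    conn.commit()
    return conn

def table_exists(conn):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name='images'").fetchone()
    return row is not None

def vulnerable_lookup(conn, user_id):
    # The pattern that created the hole: the URL value is pasted into the SQL.
    # executescript() runs stacked statements, as the database behind the
    # original attack did, so the ';' starts a second statement.
    conn.executescript("SELECT name FROM images WHERE id = %s" % user_id)

def safe_lookup(conn, user_id):
    # The cfqueryparam equivalent: the value is bound, never parsed as SQL, so
    # "90; DROP TABLE IMAGES" is just a value that matches no row.
    rows = conn.execute("SELECT name FROM images WHERE id = ?", (user_id,)).fetchall()
    return [name for (name,) in rows]

if __name__ == "__main__":
    for name, (josh, decoded) in compare_filters().items():
        print("%-15s josh=%-5s decoded=%s" % (name, josh, decoded))

    attack = unquote_plus(PAYLOADS["original"].split("=", 1)[1])  # "90; DROP TABLE IMAGES"

    conn = demo_database()
    vulnerable_lookup(conn, attack)
    print("after vulnerable_lookup, table exists:", table_exists(conn))  # False

    conn = demo_database()
    print("safe_lookup(attack) ->", safe_lookup(conn, attack))          # []
    print("after safe_lookup, table exists:", table_exists(conn))        # True
    print("safe_lookup('90') ->", safe_lookup(conn, "90"))               # ['logo.gif']
```

Only the first payload trips the substring check; the other four carry the same statement and all get past it, while the decoded regex catches all five. The second half shows the point of Jochem's reply: once the value is bound as a parameter there is nothing left to filter, because the database never reads the user's text as SQL. A typed parameter (cf_sql_integer in cfqueryparam terms) would go one step further and reject the non-numeric value outright.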