>- see footer for list info -<

So before everyone rants on about CFQUERYPARAM, is that query hackable?
I have said it was and would like to prove it.

Russ? Anyone?

Yours hackingly,

Allan

P.S. It's on CFMX 6.1 with SQL 2000 / Windows Server

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kerry
Sent: 26 August 2005 12:01
To: Coldfusion Development
Subject: RE: [CF-Dev] SQL injection

I know 6 does this.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Allan Cliff
Sent: 26 August 2005 10:56
To: CF Developer
Subject: [CF-Dev] SQL injection

Have some code with a query like this:

    SELECT * FROM Users
    Where User = '#trim(form.user)#'
    AND Password= '#trim(form.password)#'

Now, I wanted to prove to the person who wrote it that SQL injection was possible. I am on CFMX 7 and CF is kindly escaping the ' for me.

When was this upgraded? CF5 to CFMX6 or CFMX6 to CFMX7?

Thanks

Allan

P.S. Need a decent course in hacking. lol.

_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
>- Hosting provided by www.cfmxhosting.co.uk -<
>- Forum provided by www.fusetalk.com -<
>- DHTML Menus provided by www.APYCOM.com -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
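The login query from the original message rewritten with CFQUERYPARAM, so the form values reach SQL Server as bound parameters instead of depending on ColdFusion's quote escaping inside CFQUERY. This is an added example, not code from the thread; the datasource name, the query name qLogin and the 50-character lengths are assumptions.

```cfml
<!--- Added example, not from the thread.
      Assumptions: datasource "myDSN", query name "qLogin", and both
      columns being varchar(50) are placeholders for illustration. --->

<!--- Make sure both fields exist so a missing field fails cleanly. --->
<cfparam name="form.user" default="">
<cfparam name="form.password" default="">

<!--- Background: inside CFQUERY, ColdFusion doubles single quotes in
      variables it outputs. That behaviour is switched off wherever
      PreserveSingleQuotes() is used and does nothing for values placed
      in unquoted (numeric) positions, so it is not a substitute for
      binding. --->

<cfquery name="qLogin" datasource="myDSN">
    SELECT *
    FROM Users
    <!--- USER is a reserved word in T-SQL, so the column is bracketed. --->
    WHERE [User] = <cfqueryparam value="#trim(form.user)#"
                                 cfsqltype="cf_sql_varchar"
                                 maxlength="50">
      AND Password = <cfqueryparam value="#trim(form.password)#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>

<!--- With bound parameters the submitted text is only ever compared as
      data; it cannot change the structure of the statement.
      maxlength makes ColdFusion reject over-long input before the
      statement is sent to the database. --->
<cfif qLogin.recordCount EQ 1>
    <!--- Exactly one matching row: treat the login as valid. --->
    <cfset loginOk = true>
<cfelse>
    <!--- No row, or unexpected duplicates: reject. --->
    <cfset loginOk = false>
</cfif>
```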
