Actually the DSN for the sites are select only so there :-)

Russ

-----Original Message-----
From: Aidan Whitehall [mailto:[EMAIL PROTECTED]]
Sent: 02 April 2003 17:27
To: [EMAIL PROTECTED]
Subject: RE: [ cf-dev ] Kinda Hacking but ...


> Wonder if they have somebody keeping a close eye on the logs and seeing
> us lot mess with the query string?!

I wouldn't bet on it. The web site of one of our competitors exposed the
ColdFusion error information, showing they were using SQL Server. And it
allowed you to append

;select%20*%20from%20sysobjects

I was dying to see if you could drop stuff and figured if they were that
lax on checking the user input, they wouldn't have restricted the web
user's account permissions to just select, plus they probably wouldn't
know where to start to find it in the logs.


-- 
Aidan Whitehall <[EMAIL PROTECTED]>
Macromedia ColdFusion Developer
Fairbanks Environmental Ltd  +44 (0)1695 51775

-- 
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]
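
The thread asks whether anyone would notice query-string tampering in the logs. The Python sketch below is an added example, not part of the original messages: it scans access-log lines for a statement separator followed by a SQL keyword after URL-decoding. The log lines, hosts, paths and function names are constructed or hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (common log format); hosts and paths are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Apr/2003:17:20:01 +0100] "GET /products.cfm?id=12 HTTP/1.1" 200 5120
192.0.2.44 - - [02/Apr/2003:17:21:13 +0100] "GET /products.cfm?id=12;select%20*%20from%20sysobjects HTTP/1.1" 500 2311
192.0.2.44 - - [02/Apr/2003:17:21:40 +0100] "GET /products.cfm?id=12%3Bdrop%20table%20orders HTTP/1.1" 500 2290
192.0.2.77 - - [02/Apr/2003:17:25:02 +0100] "GET /search.cfm?q=select+a+colour%3B+then+order HTTP/1.1" 200 804
"""

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')
# A semicolon directly followed by a SQL verb: a second statement stacked onto the first.
STACKED_SQL = re.compile(
    r";\s*(select|insert|update|delete|drop|exec(?:ute)?|declare)\b", re.I)

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%253B) is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_stacked_queries(log_text):
    """Return one record per request whose decoded query string stacks a SQL statement."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, when, target, status = m.groups()
        parts = urlsplit(target)
        query = decode_fully(parts.query)
        found = STACKED_SQL.search(query)
        if found:
            # A 5xx status suggests the input reached the database and raised an error.
            hits.append({"client": client, "time": when, "path": parts.path,
                         "keyword": found.group(1).lower(),
                         "status": int(status), "query": query})
    return hits

if __name__ == "__main__":
    for hit in find_stacked_queries(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["path"], hit["status"], hit["query"])
```

The fourth sample line contains both "select" and an encoded semicolon but is not flagged, because no SQL verb follows the separator.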
