If an attacker adds a semicolon to the query string, additional commands
could be executed.. wouldn't this be a problem?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Lewis, David
Sent: Tuesday, December 06, 2005 2:35 PM
To: 'Dallas/Fort Worth ColdFusion User Group Mailing List'
Subject: RE: [DFW CFUG] cfm hacks

Can anyone show that this example is still vulnerable in current CF
versions?  I'm seeing that CF escapes the quote mark and your parm string
stays intact, i.e.:

SELECT *
FROM users
WHERE username = 'whatever'
AND password = '1'' OR 1 = 1'

-----Original Message-----
From: Dave Shuck [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 06, 2005 3:45 PM
To: Dallas/Fort Worth ColdFusion User Group Mailing List
Subject: Re: [DFW CFUG] cfm hacks

<snip>

Or say you have a login on a site and your SQL is:

SELECT * (yeah I know * is bad)
FROM users
WHERE username = '#form.username#'
AND password = '#form.password#'

What if the person puts the following in the password input field?  value:
1' OR 1 = 1

Effectively they have just said
SELECT *
FROM users
WHERE username = 'whatever'
AND password = '1' OR 1 = 1

And they are now logged in as the first user.    Those are a couple of simple
methods.

~Dave

_______________________________________________
List mailing list
Reply to DFWCFUG: 
[email protected]
Subscribe/Unsubscribe: 
http://lists1.safesecureweb.com/mailman/listinfo/list
List Archive: 
http://lists1.safesecureweb.com/mailman/private/list
DFWCFUG Sponsors: www.HostMySite.com www.teksystems.com/

CONFIDENTIALITY NOTICE: The information contained in this e-mail and attached 
document(s) may contain confidential information that is intended only for the 
addressee(s). If you are not the intended recipient, you are hereby advised 
that any disclosure, copying, distribution or the taking of any action in 
reliance upon the information is prohibited. If you have received this e-mail 
in error, please immediately notify the sender and delete it from your system.
