Can anyone show that this example is still vulnerable in current CF versions? I'm seeing that CF escapes the quote mark and your parm string stays intact, i.e.:

SELECT * FROM users WHERE username = 'whatever' AND password = '1'' OR 1 = 1'

-----Original Message-----
From: Dave Shuck [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 06, 2005 3:45 PM
To: Dallas/Fort Worth ColdFusion User Group Mailing List
Subject: Re: [DFW CFUG] cfm hacks

<snip>

Or say you have a login on a site and your SQL is:

SELECT * (yeah I know * is bad) FROM users WHERE username = '#form.username#' AND password = '#form.password#'

What if the person puts the following in the password input field?

value: 1' OR 1 = 1

Effectively they have just said

SELECT * FROM users WHERE username = 'whatever' AND password = '1' OR 1 = 1

And they are now logged in as the first user. Those are a couple of simple methods.

~Dave
