Yes indeed. We had some attempts at injection attacks via a fake
useragent variable in the CGI scope, as we were logging visiting
useragents in a database table.
Luckily they were not able to execute any code thanks to tight SQL
permissions, but the code they were trying to execute was written
Hi Greg
As I continue to update my security processes, I'm curious
Was this injection attempt at the URL or at a form input?
Thanks
Rob
On 22 Jan 2013 at 11:12, Greg Morphis wrote:
I saw some request errors but what were they trying to do?
This is what the onRequest error email showed
It was attempted via the URL
On Wed, Jan 23, 2013 at 11:57 AM, Rob Voyle robvo...@voyle.com wrote:
Hi Greg
As I continue to update my security processes, I'm curious
Was this injection attempt at the URL or at a form input?
Thanks
Rob
On 22 Jan 2013 at 11:12, Greg Morphis wrote:
On Wed, Jan 23, 2013 at 12:57 PM, Rob Voyle robvo...@voyle.com wrote:
Hi Greg
As I continue to update my security processes, I'm curious
Was this injection attempt at the URL or at a form input?
Keep in mind that vulnerabilities can come from any input that the attacker
can manipulate, e.g.
That's hex for "WAITFOR DELAY '00:00:15'"
On Tue, Jan 22, 2013 at 11:12 AM, Greg Morphis gmorp...@gmail.com wrote:
0x57414954464F522044454C4159202730303A30303A313527
--
John Bliss - http://about.me/jbliss
Ah so they were just checking to see if they could get something to work
before possibly trying anything real.
Thanks!
On Tue, Jan 22, 2013 at 11:15 AM, John M Bliss bliss.j...@gmail.com wrote:
That's hex for "WAITFOR DELAY '00:00:15'"
On Tue, Jan 22, 2013 at 11:12 AM, Greg Morphis
Ah so they were just checking to see if they could get something to work
before possibly trying anything real.
That's a pretty standard approach. If they can get the response to
delay then they can mark that URL as a potential entry point to come
back and explore more later.
-Justin
This is possibly from XRumer. It is link building/forum spamming software.
On Thu, May 24, 2012 at 5:30 AM, Kevin Parker tras...@internode.on.net wrote:
One of my sites that has some anti-injection script reported this today -
does anyone know what this clown was trying to do. Thank you!!
Start here
http://www.coldfusionmuse.com/index.cfm/2008/7/18/Injection-Using-CAST-And-ASCII
-Mark
Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com
-Original Message-
From: Chad McCue [mailto:c...@advmediaproductions.com]
We have one site on our server that was built about
10 years ago. Today some bot is hitting the site and
appending their content to the content already in the
system. I can't figure out how or where they are
getting in. Anyone have any ideas how I can stop this.
If you're sure it's SQL
Didn't Homer Simpson say "rinse and repeat"? Always repeat :)
-Original Message-
From: Justin Scott [mailto:jscott-li...@gravityfree.com]
Sent: Friday, April 24, 2009 12:59 PM
To: cf-talk
Subject: RE: SQL Injection
We have one site on our server that was built about 10 years ago
24, 2009 10:59 AM
To: cf-talk
Subject: RE: SQL Injection
We have one site on our server that was built about
10 years ago. Today some bot is hitting the site and
appending their content to the content already in the
system. I can't figure out how or where they are
getting in. Anyone have any
If I am using an Application.cfc, would there be any
benefit of putting the structure into the application
scope, then never deleting it?
It certainly couldn't hurt. I chose to do it the way I did because I wanted
it to be completely self-contained and drop-in friendly regardless of the
Just got nailed myself - dammit - 15 years of knowledge.
Have code reviewed and wasn't my CFML (at this stage) so maybe a new IIS
vulnerability? My attack occurred recently - possibly in the last 24 hours or
so. Have disabled the database and CFABORTed any code that interacts with the
database
Have code reviewed and wasn't my CFML (at this stage) so
maybe a new IIS vulnerability?
I seriously doubt this has anything to do with IIS, since IIS can't interact
directly with your database.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest
Open the website log with Word and do a search for DECLARE;
you will find a lot of entries.
Look for a filename that is in a different directory than what you
expected.. I think I got hit from a template that was in an old,
unused directory from many years ago. I recently went through
On Tue, Aug 26, 2008 at 4:46 AM, Peter Tilbrook wrote:
Just got nailed myself - dammit - 15 years of knowledge.
There are at least 2 tools available that will search through your
code looking for unparamed variables, and I think Larry posted a
simple regex that you could use from within Eclipse.
It doesn't work with stored procedures (which shouldn't
matter, 'cause I think they are type-checked by the DB first
anyways)
Well, not necessarily. As Mark pointed out when this thread started - it
feels like it was long, long ago - if you're calling a stored procedure from
CFQUERY you have
On Tue, Aug 26, 2008 at 2:01 PM, Dave Watts wrote:
It doesn't work with stored procedures (which shouldn't
matter, 'cause I think they are type-checked by the DB first
anyways)
Well, not necessarily. As Mark pointed out when this thread started - it
feels like it was long, long ago - if
PM
Subject: Re: SQL injection attack on House of Fusion
On Tue, Aug 26, 2008 at 2:01 PM, Dave Watts wrote:
It doesn't work with stored procedures (which shouldn't
matter, 'cause I think they are type-checked by the DB first
anyways)
Well, not necessarily. As Mark pointed out when this thread
On Tue, Aug 26, 2008 at 5:42 PM, Brad Wood wrote:
That is, unless you concatenate SQL in your stored procedure.
http://www.codersrevolution.com/index.cfm/2008/7/22/When-will-cfqueryparam-NOT-protect-me
Perfect example, thanks!
Yeah, dunno what I was thinking... parsing that stuff would be not
On Sun, Aug 17, 2008 at 10:43 AM, Jochem wrote:
denstar wrote:
Or maybe you've got a simple solution, to how one would limit URL
requests to only allowable values?
I don't think simple solutions exist. The closest I have seen that still
was simple yet appeared to be somewhat effective was a
On Wed, Aug 20, 2008 at 4:37 PM, Dave Watts wrote:
Your main concern is not the consumption of resources as a result of an
automated attack. That's just like any other denial of service attack,
basically. If you can filter it out successfully, that's good for you, but
you should be far
Mary Jo,
I've done some additional testing and have found that the prior version of the
SQL Injection Blocker does better when challenged with the HP Scrawlr testing
tool than the newest version. Rolling back to the prior release also solved the
false positive problem for the three towns
I've done some additional testing and have found that the prior
version of the SQL Injection Blocker does better when challenged with
the HP Scrawlr testing tool than the newest version. Rolling back to
the prior release also solved the false positive problem for the three
towns mentioned
I've upgraded to the latest version of Mary Jo's tool to filter attempts at SQL
injection. It works well, but I found three interesting false positives today.
My site has community profiles for cities and towns. The URL for these profiles
includes the county name as well as the city or town
Can anyone suggest a modification to the code
that would eliminate the false positives without substantially
weakening the filter?
The one in there now is by Luis Melo and his email is in the credits. You might
want to send them along to him as I know he plans to work more on reducing the
My site has community profiles for cities and towns. The URL for these
profiles includes the county name as well as the city or town name.
There are Union counties in North Carolina, New Jersey and Ohio.
Or...maybe you could just get the states to rename that county. ;-)
Funny,
I went to high school with him. Had a comp sci class with him where he
spent quite a bit of time trying to get passwords from unsuspecting people.
-Original Message-
From: Mike Kear [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 6:33 PM
To: CF-Talk
Subject: Re: SQL
I am still getting around 50 to 75 attacks a day on about 20 of my websites. I
applied the solution from JOCHEM that aborts the attack in the application.cfm
file and then sends me an email.
They just keep coming from different IP addresses so it is useless to do
anything other than wait for
I also had a concern about thread safety; it's caching the java.util.regex.Matcher
object in Application scope, and calling Application.injChecker.reset(testvar)
for each url/form/etc variable -- seems like Matcher.reset() changes state of
the cached Matcher object?
Thanks for pointing
what is going on and what is best to do.
Does this thing just raise its ugly head every now and then and go away for a
while? This is the first I have seen of it on my server.
Thanks in advance,
~David G. Moore, Jr.
UpstateWeb, LLC Subject: Re: SQL injection attack on House of Fusion
I am currently using the SQLprev.cfm from Jochem to stop the onslaught
of superfluous bandwidth suckage from my server, but was wondering
what the difference would be with this one.
Since I am not familiar with his, I cannot say what the difference would be. I
did include URL, form, cookie
I am currently using the SQLprev.cfm from Jochem to stop the onslaught of
superfluous bandwidth suckage from my server, but was wondering what the
difference would be with this one. I am not looking to start a "my SQL
Injection blocker is better than yours", yet trying to educate myself on
use? I have never seen
cfqueryparam used on any tags I have purchased or exchanged and I am afraid
all I know is what I have learned from books and forums. This is the first I
have ever heard of using cfqueryparam.
~David G. Moore, Jr. Subject: Re: SQL injection attack on House of Fusion
From
When you say Update Your Code, are you saying using cfqueryparam?
Yes, that's what he is saying.
so, go back and fix 1,000's of lines
of code I have developed over the last 'upteen' years or stop it
before it starts?
Because if you don't, you are putting a LOT of faith in these
David Moore, Jr. wrote:
Not trying to pick a fight, because I am sure you have forgotten more code
than I will ever know (seriously) and I am probably just being lazy
(seriously), but is cfqueryparam something a lot of programmers really use?
I have never seen cfqueryparam used on any tags
Not trying to pick a fight, because I am sure you have forgotten more code
than I will ever know (seriously) and I am probably just being lazy
(seriously), but is cfqueryparam something a lot of programmers really
use? I have never seen cfqueryparam used on any tags I have purchased
or
learned a lot.
~David G. Moore, Jr. Subject: Re: SQL injection attack on House of Fusion
From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008
14:35:19 -0700 Not trying to pick a fight, because I am sure you have
forgotten more code than I will ever know (seriously
When you say Update Your Code, are you saying using cfqueryparam? But
even so, the SQL injection still will use up countless resources instead of
cutting it off early. So, go back and fix 1,000's of lines of code I have
developed over the last 'upteen' years or stop it before it starts? Is
As someone who was hit by the attack on the first day. I will say I've
used cfqueryparam for years and yet I had a handful of pages with old
code where I was not using cfqueryparam. It just takes one page that's
publicly accessible to do damage. Once I fixed the pages in question,
try as
Does this thing just raise its ugly head every now and then
and go away for a while? This is the first I have seen of it
on my server.
This is the first large-scale automated SQL injection attack. Automated
attacks have been around for a long time, as have SQL injection attacks.
Honestly,
nother Post
Thanks everyone!
~David G. Moore, Jr.
P.S. Speaking of Smack Downs, Mary Jo's got a great right cross :) Go get'em
girl! Subject: Re: SQL injection attack on House of Fusion From: [EMAIL
PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 17:41:12
-0400 When
. This is the first I have ever heard of using cfqueryparam.
~David G. Moore, Jr. Subject: Re: SQL injection attack on House of Fusion
From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug
2008 17:01:42 -0400 I am currently using the SQLprev.cfm from Jochem to
stop
, 2008 4:59 PM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
Does this thing just raise its ugly head every now and then and go
away for a while? This is the first I have seen of it on my server.
This is the first large-scale automated SQL injection attack. Automated
attacks
Eric,
A good answer might be it is now :)
-Original Message-
From: Eric Cobb [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 4:59 PM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
is cfqueryparam something a lot of programmers really use?
Only
to this one? I am pretty sure I am
about to get another SMACK DOWN... Subject: RE: SQL injection attack on House
of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed,
20 Aug 2008 17:59:23 -0400 Does this thing just raise its ugly head every
now and then and go away for a while
Well, it is my goal :) not there yet... Subject: Re: SQL injection attack on
House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date:
Wed, 20 Aug 2008 16:59:26 -0500 is cfqueryparam something a lot of
programmers really use? Only the good ones. ;) Thanks, Eric
David
the ropes and into the first row of chairs! (Yes, I am from the South and
everything references Wrestling or Nascar)
~David Subject: Re: SQL injection attack on House of Fusion From: [EMAIL
PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 16:59:26
-0500 is cfqueryparam something
I certainly don't feel picked on. I feel blessed to have a place where I can
learn from people who do know so much. And you are right. I (we) only seem to
learn under fire. I am a one man business owner in a small town with limited
resources and time. 10 hour days, work weekends, what is
So, I have found like the Mother Lode of good programmers who really care
about Cold Fusion and take the time to do it right?
Pretty much. The skill level on the list varies from "can express the
meaning of life in ColdFusion" to "what's a database" so your experience
may vary. I'd like to
. :)
As for the can o' worms. If you're ever in Spartanburg, SC, just bring 'em
along and I can show you some really nice fishin!
Seriously, thanks everyone!
~David G. Moore, Jr. Subject: Re: SQL injection attack on House of Fusion
From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008
18
When you say Update Your Code, are you saying using
cfqueryparam?
Yes. That is the only mechanism guaranteed to prevent known and future SQL
injection attacks. Using a filter can protect you from the current attack
long enough for you to fix your broken code.
But even so, the SQL injection
A while ago I read a totally riveting book called The Art Of
Intrusion by Kevin D Mitnick, the legendary hacker who was sent to
jail for his intrusion exploits. He runs a security company now,
that tests your security and reports back on how well you've done.
He says one of the most common
Don't feel bad, David. I am a freelance CF programmer. I spend most
of my time working on bug fixes or feature enhancements on code
written by others. And the vast majority of files I work on have no
cfqueryparam.
Most of the code I work on really needs re-writing from scratch it's
so
P.S. Speaking of Smack Downs, Mary Jo's got a great right cross :) Go
get'em girl!
LOL, actually I am a pacifist at heart and always try to not lose my temper
(serves me well with customers, particularly the endlessly annoying ones!)
As for not knowing what cfqueryparam is and how to
Eric is pretty good at the Smack Down too, Eric The Great takes David
the Geek over the ropes and into the first row of chairs! (Yes, I am
from the South and everything references Wrestling or Nascar)
Here's another smack down for you... it would be nice if you could remove all
the extra
Mary Jo,
Sorry. Didn't see all that. First time using this kind of post. Here's
another smack down for you... it would be nice if you could remove all the
extra quoted stuff on your posts... take a look at the online web archives, it
really makes a mess of the thread! Will do better in the
Actually I am a pacifist at heart and always try to not lose my temper (serves
me well with customers, particularly the endlessly annoying ones!)
LOLOL. I am actually a moderately conservative liberal. I believe in losing my
temper only when I know I can't find it.
As for not knowing what
David Moore, Jr. wrote:
I am currently using the SQLprev.cfm from Jochem
The what from whom?
Jochem
OK. I thought it was from you. I was sent an email with the link to SQLprev.cfm
in an email and they referenced I use your suggestion in the email as well. I
stuck the two together. David Moore, Jr. wrote: I am currently using the
SQLprev.cfm from Jochem
Jochem Wrote? The what from
: Re: SQL injection attack on House of Fusion
Bobby, what have you been using to look up the origin of the IPs en masse?
I found a site that lets me do a handful at a time, but I don't know how
accurate the data is. It is saying the majority of my IPs originated from
the US.
~Brad
and totally insensitive analogy, the likes of which I
hope we never see on this list again.
Enough
-Original Message-
From: Mark Kruger [mailto:[EMAIL PROTECTED]
Sent: 11 August 2008 16:24
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
Rick,
While your argument
Hello folks:
I am sorry about the thread jump here, but any ASP gurus out there on this
discussion list?
In the past week, I have been fanatically patching our old CF code and
applying CFQUERYPARAM wherever it applies. Additionally, I also implemented
the SQL Injection Blocker written by
What is the ASP equivalent of CFQUERYPARAM?
http://prepared-statement.blogspot.com/
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore,
Neat! Thanks Dave.
On Tue, Aug 19, 2008 at 11:54 AM, Dave Watts [EMAIL PROTECTED] wrote:
What is the ASP equivalent of CFQUERYPARAM?
http://prepared-statement.blogspot.com/
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber
: Tuesday, August 19, 2008 11:33 AM
Subject: Re: SQL injection attack on House of Fusion
Neat! Thanks Dave.
On Tue, Aug 19, 2008 at 11:54 AM, Dave Watts [EMAIL PROTECTED] wrote:
What is the ASP equivalent of CFQUERYPARAM?
http://prepared-statement.blogspot.com
denstar wrote:
On Sat, Aug 16, 2008 at 6:15 AM, Jochem van Dieten wrote:
I haven't mentioned this before because I do believe that filtering
request URLs is the wrong approach
Care to elaborate on this?
Filtering means allow unless it matches. A security measure should be
deny unless it
Mobile: 0404 998 273
-Original Message-
From: denstar [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 August 2008 2:34 PM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
On Sat, Aug 16, 2008 at 10:04 PM, Andrew Scott wrote:
Well at the end of the day, I am currently using
On Sun, Aug 17, 2008 at 2:08 AM, Jochem van Dieten wrote:
denstar wrote:
On Sat, Aug 16, 2008 at 6:15 AM, Jochem van Dieten wrote:
I haven't mentioned this before because I do believe that filtering
request URLs is the wrong approach
Care to elaborate on this?
Filtering means allow unless
PM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
Rick,
I think it is only a matter of time, I only have one ColdFusion website that
is on a shared server/public. I have been through the attacks, but when
speaking with the hosting provider I think they started to put
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273
-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 August 2008 10:16 PM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
Andrew,
I need to check with my
But hey I am not complaining...
Who are you, and why are you using Andrew's email address?
-Original Message-
From: Andrew Scott [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 17, 2008 5:19 AM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
LoL...
At the end
Filtering means allow unless it matches. A security
measure should be deny unless it matches.
I believe that depends on the proportion of wanted vs. unwanted items. On a
firewall, this is the best approach because there are far more ports that
you don't want to have available than there are
denstar wrote:
On Sun, Aug 17, 2008 at 2:08 AM, Jochem van Dieten wrote:
denstar wrote:
On Sat, Aug 16, 2008 at 6:15 AM, Jochem van Dieten wrote:
I haven't mentioned this before because I do believe that filtering
request URLs is the wrong approach
Care to elaborate on this?
Filtering means
On Fri, Aug 15, 2008 at 10:58 PM, Mark Mandel wrote:
What I'm curious about, is that there seems to be no one you can report this
to?
Well, I'm pretty sure there is something we could do, but the general
attitude seems to be to just suck it up.
And buy some stocks in the tech
On Fri, Aug 15, 2008 at 11:56 PM, Brad Wood [EMAIL PROTECTED] wrote:
They completely stopped on the 11th, but they are back today spelling it
like DeCLARE.
We're seeing the same - we're using RegExp to pick 'em up now.
--
mac jordan
www.webhorus.net | www.reactivecooking.com |
Mark Mandel wrote:
What I'm curious about, is that there seems to be no one you can report this
to?
You can report it to the abuse department of the ISP of the originating
IP. Just look up the IP delegation and the abuse address is usually
right there.
Jochem
:37 PM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
Mark Mandel wrote:
What I'm curious about, is that there seems to be no one you can report
this to?
You can report it to the abuse department of the ISP of the originating
IP. Just look up the IP delegation and the abuse
Andrew Scott wrote:
Ever heard of IP spoofing? Sure you need to complain about it, but the one
thing they need to do is track the packets.
IP spoofing is really only a significant problem with UDP. With TCP any
decent ISP will catch spoofs in their egress filters. Even your cheap,
Taiwanese
-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Saturday, 16 August 2008 10:15 PM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
Andrew Scott wrote:
Ever heard of IP spoofing? Sure you need to complain about it, but the one
thing they need to do is track the packets
Andrew Scott wrote:
I believe IP spoofing is still a huge problem. I know little about it, so no
more comment on that but a quick google shows that it is still a huge
problem.
AIDS is a huge problem too. It is also about equally relevant for the
current wave of SQL injection attacks.
As
they are back.
Yeah, here too.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this address: [EMAIL PROTECTED])
Thanks.
August 2008 12:34 AM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
Andrew Scott wrote:
I believe IP spoofing is still a huge problem. I know little about it, so
no
more comment on that but a quick google shows that it is still a huge
problem.
AIDS is a huge problem too
spoke about.
Still no reason Coldfusion can't and I will stand by that.
-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 August 2008 12:34 AM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
Andrew Scott wrote:
I can't vouch
On Sat, Aug 16, 2008 at 6:15 AM, Jochem van Dieten wrote:
Andrew Scott wrote:
Ever heard of IP spoofing? Sure you need to complain about it, but the one
thing they need to do is track the packets.
IP spoofing is really only a significant problem with UDP. With TCP any
decent ISP will catch
Mobile: 0404 998 273
-Original Message-
From: denstar [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 August 2008 1:14 AM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
On Sat, Aug 16, 2008 at 6:15 AM, Jochem van Dieten wrote:
Andrew Scott wrote:
Ever heard of IP spoofing
Andrew Scott wrote:
I stand by the fact that cfqueryparam, can and should be taken care of under
the hood. Other languages are doing it, so what does that tell you?
It tells me that they need additional configuration or convention.
I have 2 functions with the following signatures in my
You'll be happy to know that CF9 is rumoured to include Hibernate with
a corresponding set of tags, so CF should indeed be able to deal with
this under the hood.
On Sat, Aug 16, 2008 at 11:12 PM, Andrew Scott
[EMAIL PROTECTED] wrote:
--
Senior Coldfusion Developer
Aegeon Pty. Ltd.
--
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273
-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 August 2008 1:29 AM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
: SQL injection attack on House of Fusion
You'll be happy to know that CF9 is rumoured to include Hibernate with
a corresponding set of tags, so CF should indeed be able to deal with
this under the hood.
Sorry for the problems with the House of Fusion site. We've been under
massive attack by sql injection bots and I've just been able to get a handle
on it. A fast solution to the problem is this:
<cfif findNoCase(';DECLARE', cgi.query_string)><cfabort></cfif>
It works unless you have a few hundred attacks
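A log check in the spirit of the thread's advice (search the web logs for DECLARE, match case-insensitively so "DeCLARE" is caught, and decode hex literals like the WAITFOR DELAY probe quoted earlier) that goes a step beyond the one-line CFML filter above by also expanding hex literals and avoiding the "Union county" false positive. This is an added Python example, not code from any poster on the list; the log lines, IP addresses and the Apache combined log layout are constructed assumptions.

```python
"""Scan web-server logs for the SQL injection probes discussed in the thread.

Constructed sample log lines; the hex literal is the one quoted in the thread
(it decodes to WAITFOR DELAY '00:00:15'). Apache combined log format is assumed.
"""
import re
from urllib.parse import unquote_plus, urlsplit

# Signatures from the thread: ";DECLARE", "WAITFOR DELAY", "CAST(" plus UNION.
# UNION must be followed by SELECT so that a legitimate value such as
# county=Union (the false positive reported in the thread) does not fire.
PROBE_PATTERNS = [
    ("declare", re.compile(r";\s*DECLARE\b", re.IGNORECASE)),
    ("waitfor", re.compile(r"\bWAITFOR\s+DELAY\b", re.IGNORECASE)),
    ("cast", re.compile(r"\bCAST\s*\(", re.IGNORECASE)),
    ("union", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.IGNORECASE)),
]

# A SQL-style hex literal of at least four bytes, e.g. 0x5741495446...
HEX_LITERAL = re.compile(r"0x(?:[0-9A-Fa-f]{2}){4,}")


def decode_hex_literals(text):
    """Replace 0x... literals that decode to printable ASCII with their text,
    so keywords hidden in hex become visible to the keyword patterns."""
    def repl(match):
        raw = bytes.fromhex(match.group(0)[2:])
        if all(32 <= b < 127 for b in raw):
            return raw.decode("ascii")
        return match.group(0)  # binary data: leave untouched
    return HEX_LITERAL.sub(repl, text)


def scan_query_string(query):
    """Return the sorted names of the probe patterns that match a raw query string.

    The string is URL-decoded twice (double encoding is a common evasion) and
    hex literals are expanded before matching; matching is case-insensitive,
    which is why 'DeCLARE' is caught as readily as 'DECLARE'.
    """
    text = decode_hex_literals(unquote_plus(unquote_plus(query)))
    return sorted(name for name, pattern in PROBE_PATTERNS if pattern.search(text))


# Request line inside an Apache combined log entry: "GET /path?query HTTP/1.1"
REQUEST_LINE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def scan_log(lines):
    """Return a list of (line_number, hits) for log lines whose query string matches."""
    flagged = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        hits = scan_query_string(urlsplit(match.group("target")).query)
        if hits:
            flagged.append((number, hits))
    return flagged


# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Jan/2013:11:10:02 -0600] "GET /index.cfm?id=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [22/Jan/2013:11:10:05 -0600] "GET /index.cfm?id=12;DeCLARE%20@s%20varchar(4000) HTTP/1.1" 500 312',
    '203.0.113.7 - - [22/Jan/2013:11:10:09 -0600] "GET /index.cfm?id=12;0x57414954464F522044454C4159202730303A30303A313527 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [22/Jan/2013:11:12:00 -0600] "GET /profile.cfm?county=Union HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```

Flagged lines are the ones to mark as probed entry points and, as the thread says, the real fix is still cfqueryparam on the pages they hit.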
I haven't mentioned this before because I do believe that filtering
request URLs is the wrong approach
Care to elaborate on this?
Denstar, dig out your neo-security.xml file. In my Windows CF8 standalone
install it is located in C:\ColdFusion8\lib\neo-security.xml
Look at the following
I am new to the post, but I have been programming in CF for over 10 years and
know some of you from the CF Forums.
I am getting slammed with this crud as well on over 30 of my websites. Any
suggestions as how to handle this for multiple sites on 1 server? I just
discovered the issue as it
I can't vouch for php, .Net but at least in the Java world ORM reduces that
risk to nil. And its built into the ORM, so if the ORM can't work out your
polymorphic function in the database then how does it do it?
php is as ColdFusion and Java; you can use a plain query string or use
a parameterised
I am new to the post, but I have been programming in CF for over 10 years and
know some of you from the CF Forums.
I am getting slammed with this crud as well on over 30 of my websites. Any
suggestions as how to handle this for multiple sites on 1 server? I just
discovered the issue as it
: Re: SQL injection attack on House of Fusion
I am new to the post, but I have been programming in CF for over 10 years
and know some of you from the CF Forums.
I am getting slammed with this crud as well on over 30 of my websites. Any
suggestions as how to handle this for multiple sites on 1
I haven't mentioned this before because I do believe that filtering
request URLs is the wrong approach
Care to elaborate on this?
Denstar, dig out your neo-security.xml file. In my Windows CF8 standalone
install it is located in C:\ColdFusion8\lib\neo-security.xml
Look at the following
will come, I'm sure...hang in there,
guys and gals.
Rick
-Original Message-
From: Mark Kruger [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 16, 2008 12:37 PM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
David,
As a stop gap while in full force you could
I'm doing the request filtering in apache so that it never even
bothers my CF engine with the request, but I was wondering if Jochem
didn't like the filtering for a reason.
I wouldn't rely on it alone in any way, shape or form, but just
cutting down on the spam hits on the application seems like