On Thursday 09 Oct 2008, Tim Do wrote:
I'm no security expert, but from what I understood all the inline
queries and input variables not being sanitized caused the sql
injections. that has been cleaned up. what else can it be?
http://www.owasp.org/index.php/Top_10_2007 etc.
--
Tom
Sent: Friday, October 10, 2008 3:44 AM
To: cf-talk
Subject: Re: attack site / sql injections HELP!
On Thursday 09 Oct 2008, Tim Do wrote:
I'm no security expert, but from what I understood all the inline
queries and input variables not being sanitized caused the sql
injections. that has been
Don't forget to check things like order by variables.
http://www.coldfusionmuse.com/index.cfm/2008/7/21/SQL-injection-using-order-by
Also with regard to application.cfm. Make sure every page is running that
file. For example, do you have included that might not be intended to be
run as URLs. Or
It must be Application.cfm - Adobe have now plans to make it case
insensitive. Same goes for OnRequestEnd.cfm.
: Re: attack site / sql injections HELP!
It must be Application.cfm - Adobe have now plans to make it case
insensitive. Same goes for OnRequestEnd.cfm.
-
From: Brad Wood [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2008 6:57 PM
To: cf-talk
Subject: Re: attack site / sql injections HELP!
Tim, I have confirmed you do in fact still have at least one page on
your
site with malicious content. I just created a simple script which hit
every
page
:40 PM
To: cf-talk
Subject: Re: attack site / sql injections HELP!
Once you do all that, there's a link you can go to from the attack site
notification in FF3 that lets you submit the site back to Google for
review. Once they review, they will hopefully remove it.
Rob
On Wed, Oct 8, 2008 at 4:37
On Thursday 09 Oct , Tim Do wrote:
I already did that, submitted and it took couple days but they found
more suspicious content!? how is that possible??
You mean they found more, that isn't there anymore, or your site still has a
security hole ?
--
Tom Chiverton
Helping to challengingly
8:23 AM
To: cf-talk
Subject: Re: attack site / sql injections HELP!
On Thursday 09 Oct , Tim Do wrote:
I already did that, submitted and it took couple days but they found
more suspicious content!? how is that possible??
You mean they found more, that isn't there anymore, or your site still
has
Tim, I have confirmed you do in fact still have at least one page on your
site with malicious content. I just created a simple script which hit every
page Google has for your site and briefly analyzed the source.
I googled for site:connhisto.org
I then copied and pasted the 24 links into a
still dealing w/ the friggin sql injections, I've cleansed all the
inline queries and added all the queryparams in. I also left in the
code in application.cfm for safe measure.
the problem that I'm having now is the google safe browsing. from what
I understand it's on firefox3, the Tell me if
still dealing w/ the friggin sql injections, I've cleansed all the
inline queries and added all the queryparams in. I also left in the
code in application.cfm for safe measure.
the problem that I'm having now is the google safe browsing. from what
I understand it's on firefox3, the Tell me
yes, I already cleaned out the tables. double checked to see and it's
clean.
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2008 4:37 PM
To: cf-talk
Subject: Re: attack site / sql injections HELP!
still dealing w/ the friggin sql injections
Once you do all that, there's a link you can go to from the attack
site notification in FF3 that lets you submit the site back to Google
for review. Once they review, they will hopefully remove it.
Rob
On Wed, Oct 8, 2008 at 4:37 PM, Dave Watts [EMAIL PROTECTED] wrote:
still dealing w/ the
PROTECTED]
Sent: Wednesday, October 08, 2008 4:37 PM
To: cf-talk
Subject: Re: attack site / sql injections HELP!
still dealing w/ the friggin sql injections, I've cleansed all the
inline queries and added all the queryparams in. I also left in the
code in application.cfm for safe measure
I already did that, submitted and it took couple days but they found
more suspicious content!? how is that possible??
-Original Message-
From: RobG [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2008 4:40 PM
To: cf-talk
Subject: Re: attack site / sql injections HELP!
Once you do
yes, I already cleaned out the tables. double checked to see and it's
clean.
Can you post one of the URLs which Google is complaining about? Or
send it to me off-list?
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
http://www.google.com/safebrowsing/diagnostic?site=http://www.connhisto.org/hl=en
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Wed 10/8/2008 4:48 PM
To: cf-talk
Subject: Re: attack site / sql injections HELP!
yes, I already cleaned out the tables. double