macromedia.coldfusion.cfml_general_discussion

Re: SQL injection embedded .js file to execute CF hack

Subject: Re: SQL injection embedded .js file to execute CF hack
From: "Kronin555" <webforumsuser@xxxxxxxxxxxxxx>
Date: Mon, 28 Jul 2008 03:42:18 +0000 (UTC)
Newsgroups: macromedia.coldfusion.cfml_general_discussion

> 2. If database parameters are not locked, what are the possible attacks available to SQL injection

 Absolutely anything can be done that the user set up in the datasource can do. 
If the user has rights to drop tables, then a SQL injection attack could drop 
whole tables, etc.

 That said, it sounds like there are new files on the server (you reference new 
.js files and .xml files). Are there any sections of the site that allow users 
to upload files? What other services are running on the server that are 
accepting connections? Sounds like there's more going on than a simple SQL 
injection attack.
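
The privilege point in the reply above, as an added example that is not part of the original post or thread: the same concatenated query is run against an unrestricted connection and against one limited to reads. Python's sqlite3 authorizer stands in for a least-privilege datasource account (an assumption, since the thread does not name its database), and the table, column and function names are hypothetical.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
SCHEMA = """
CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);
INSERT INTO articles (title) VALUES ('welcome'), ('news');
"""
# Constructed input of the kind the post describes: a stacked DROP statement.
HOSTILE_ID = "1; DROP TABLE articles"

# The only operations the restricted "datasource account" is granted.
GRANTED = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}

def read_only(action, arg1, arg2, db_name, source):
    """SQLite authorizer standing in for a least-privilege database user."""
    return sqlite3.SQLITE_OK if action in GRANTED else sqlite3.SQLITE_DENY

def open_db(restricted):
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    if restricted:
        conn.set_authorizer(read_only)
    return conn

def rows_left(conn):
    """Number of rows in articles, or None if the table no longer exists."""
    try:
        return len(conn.execute("SELECT id FROM articles").fetchall())
    except sqlite3.Error:
        return None

def lookup_concatenated(conn, article_id):
    """Vulnerable pattern: input pasted into the SQL text, stacked statements run."""
    try:
        conn.executescript("SELECT title FROM articles WHERE id = " + article_id)
        return "executed"
    except sqlite3.Error as exc:
        return f"blocked: {exc}"

def lookup_bound(conn, article_id):
    """Fixed pattern: a bound parameter (what cfqueryparam does in CFML)."""
    cur = conn.execute("SELECT title FROM articles WHERE id = ?", (article_id,))
    return cur.fetchall()

if __name__ == "__main__":
    for restricted in (False, True):
        conn = open_db(restricted)
        outcome = lookup_concatenated(conn, HOSTILE_ID)
        print(f"restricted={restricted}: {outcome}, rows left={rows_left(conn)}")
    print("bound parameter:", lookup_bound(open_db(False), HOSTILE_ID))
```

With the unrestricted connection the table is gone after the lookup; with the read-only one the DROP is refused and both rows remain. The bound-parameter version treats the whole input as a value and simply matches no row.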

