Re: Pre-populate select box causing query error

Subject:	Re: Pre-populate select box causing query error
From:	Ian Skinner <iskinner@xxxxxxxxxxx>
Date:	Tue, 22 Jul 2008 07:58:10 -0700
Newsgroups:	macromedia.coldfusion.database_access



psimth wrote:

CFQUERYPARAM caught the following attempt at SQL Injection.

 Would someone please explain what they were trying to do?

It is a sophisticated SQL Injection attack. If it where successful itwould append a string to any and all character fields an any and alluser defined tables in your database. Usually a link to some crossscripting JavaScript or link spam page.

There is a long discussion about this on the house of fusion site.http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:57065

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Pre-populate select box causing query error, psimth Re: Pre-populate select box causing query error, Ian Skinner <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Pre-populate select box causing query error, psimth
Next by Date:	Condition select/sort of a query of a query?, kiyomi
Previous by Thread:	Re: Pre-populate select box causing query error, psimth
Next by Thread:	Condition select/sort of a query of a query?, kiyomi
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: Pre-populate select box causing query error, psimth

Next by Date:

Condition select/sort of a query of a query?, kiyomi

Previous by Thread:

Re: Pre-populate select box causing query error, psimth

Next by Thread:

Condition select/sort of a query of a query?, kiyomi

Indexes:

[Date] [Thread] [Top] [All Lists]