
Re: verynx SQL injection attack

Subject: Re: verynx SQL injection attack
From: larryclyons <larryclyons@xxxxxxxxx>
Date: Fri, 25 Jul 2008 06:01:49 -0700 (PDT)
Newsgroups: macromedia.coldfusion.server_administration

Other than using cfqueryparam, this short script may help with this
sort of injection attack.

hth,
larry

<!--- Abort the request when any of the CGI fields carries one of these SQL fragments
      (the CFML "contains" operator is case-insensitive) --->
<cfif cgi.SCRIPT_NAME contains "CHAR(4000)" OR cgi.PATH_INFO contains "CHAR(4000)" OR cgi.QUERY_STRING contains "CHAR(4000)">
        <cfabort>
</cfif>
<cfif cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains "EXEC(" OR cgi.QUERY_STRING contains "EXEC(">
        <cfabort>
</cfif>
<cfif cgi.SCRIPT_NAME contains "DECLARE" OR cgi.PATH_INFO contains "DECLARE" OR cgi.QUERY_STRING contains "DECLARE">
        <cfabort>
</cfif>
<cfif cgi.SCRIPT_NAME contains "CREATE TABLE" OR cgi.PATH_INFO contains "CREATE TABLE" OR cgi.QUERY_STRING contains "CREATE TABLE">
        <cfabort>
</cfif>
<cfif cgi.SCRIPT_NAME contains "UPDATE" OR cgi.PATH_INFO contains "UPDATE" OR cgi.QUERY_STRING contains "UPDATE">
        <cfabort>
</cfif>
<cfif cgi.SCRIPT_NAME contains "EXECUTE" OR cgi.PATH_INFO contains "EXECUTE" OR cgi.QUERY_STRING contains "EXECUTE">
        <cfabort>
</cfif>
<cfif cgi.SCRIPT_NAME contains "CAST(" OR cgi.PATH_INFO contains "CAST(" OR cgi.QUERY_STRING contains "CAST(">
        <cfabort>
</cfif>


UniWebDude wrote:
> I have tried to submit this in a non-forum fashion, but being as this attack is
> well published on the internet I thought here is fine.
>
>  We are running linux and CF7 into a MSSQL 2000 backend and we have been on the
> receiving end of several SQL injection attacks.  We have taken action to
> prevent this specific attack but I wondered if there is/will be a patch to
> remove this vulnerability from CF7 ?
>
>   http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:57065
>
>  Cheers,
>  Matt.
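
The keyword screen in Larry's post, carried over to Python as an added example (this is not code from the post or from ColdFusion): it applies the same fragment list to the three CGI fields, but percent-decodes and whitespace-collapses each field first, since CGI.QUERY_STRING arrives raw, and matches DECLARE/UPDATE/EXECUTE on word boundaries so a script such as `/updateProfile.cfm` is not aborted by its own name. The sample requests are constructed, and the function returns the matched fragments instead of aborting so the decision can be logged and tested.

```python
"""Request-metadata screen in the spirit of the posted <cfif> chain.
Added example for this thread; not part of the original post."""
import re
from urllib.parse import unquote_plus

# Same fragments as the posted snippet, expressed as regexes. DECLARE, UPDATE
# and EXECUTE get word boundaries to cut false positives on ordinary URLs.
SUSPECT_PATTERNS = [
    r"CHAR\(4000\)",
    r"EXEC\(",
    r"\bDECLARE\b",
    r"CREATE\s+TABLE",
    r"\bUPDATE\b",
    r"\bEXECUTE\b",
    r"CAST\(",
]
_SUSPECT_RE = re.compile("|".join(SUSPECT_PATTERNS), re.IGNORECASE)


def normalize(value: str) -> str:
    """Percent-decode (a bounded number of rounds, so double-encoding is
    handled without looping forever) and collapse runs of whitespace, so the
    match runs on roughly what the database driver would receive."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value)


def screen_request(script_name: str, path_info: str, query_string: str) -> list:
    """Return the suspect fragments found across the three CGI fields, in
    order of appearance. An empty list means the request passes the screen."""
    hits = []
    for field in (script_name, path_info, query_string):
        for match in _SUSPECT_RE.finditer(normalize(field)):
            hits.append(match.group(0).upper())
    return hits


# Constructed sample requests (hypothetical script names and query strings).
SAMPLE_REQUESTS = [
    ("/updateProfile.cfm", "", "id=42&tab=declared"),
    ("/news.cfm", "", "id=7%3BDECLARE+%40s+VARCHAR%284000%29%3B"),
]


def screen_samples() -> list:
    """Run the screen over the constructed samples; returns (request, hits)."""
    return [(req, screen_request(*req)) for req in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, hits in screen_samples():
        verdict = "ABORT " + ", ".join(hits) if hits else "pass"
        print(f"{req[0]}?{req[2]} -> {verdict}")
```

This is still a blacklist: it only catches the fragments it knows about, and it will block a legitimate page whose query happens to contain a listed word. Treat it as a stop-gap that buys time and produces log evidence; the durable fix on the ColdFusion side remains binding every query value with cfqueryparam, as the post's opening line says.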
