
Re: verynx SQL injection attack

Subject: Re: verynx SQL injection attack
From: larryclyons <larryclyons@xxxxxxxxx>
Date: Sat, 26 Jul 2008 05:27:43 -0700 (PDT)
Newsgroups: macromedia.coldfusion.server_administration

Forgot to mention that this script only protects against URL based
attacks. You'll have to do something similar to prevent attacks using
forms. Generally the first line of defense is to use <cfqueryparam> and
the val() function (for numeric input). This script is just extra
insurance.

regards,
larry

On Jul 25, 9:01 am, larryclyons <larrycly...@xxxxxxxxx> wrote:
> Other than using cfqueryparam, this short script may help with this
> sort of injection attack.
>
> hth,
> larry
>
> <cfif cgi.SCRIPT_NAME contains "CHAR(4000)" OR cgi.PATH_INFO contains
> "CHAR(4000)" OR cgi.QUERY_STRING contains "CHAR(4000)">
>         <cfabort>
> </cfif>
> <cfif cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains
> "EXEC(" OR cgi.QUERY_STRING contains "EXEC(">
>         <cfabort>
> </cfif>
> <cfif cgi.SCRIPT_NAME contains "DECLARE" OR cgi.PATH_INFO contains
> "DECLARE" OR cgi.QUERY_STRING contains "DECLARE">
>         <cfabort>
> </cfif>
> <cfif cgi.SCRIPT_NAME contains "CREATE TABLE" OR cgi.PATH_INFO
> contains "CREATE TABLE" OR cgi.QUERY_STRING contains "CREATE TABLE">
>         <cfabort>
> </cfif>
> <cfif cgi.SCRIPT_NAME contains "UPDATE" OR cgi.PATH_INFO contains
> "UPDATE" OR cgi.QUERY_STRING contains "UPDATE">
>         <cfabort>
> </cfif>
> <cfif cgi.SCRIPT_NAME contains "EXECUTE" OR cgi.PATH_INFO contains
> "EXECUTE" OR cgi.QUERY_STRING contains "EXECUTE">
>         <cfabort>
> </cfif>
> <cfif cgi.SCRIPT_NAME contains "CAST(" OR cgi.PATH_INFO contains
> "CAST(" OR cgi.QUERY_STRING contains "CAST(">
>         <cfabort>
> </cfif>
>
> UniWebDude wrote:
> > I have tried to submit this in a non-forum fashion, but being as this attack is
> > well published on the internet I thought here is fine.
>
> >  We are running Linux and CF7 into a MSSQL 2000 backend and we have been on the
> > receiving end of several SQL injection attacks.  We have taken action to
> > prevent this specific attack but I wondered if there is/will be a patch to
> > remove this vulnerability from CF7 ?
>
> >  http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:57065
>
> >  Cheers,
> >  Matt.
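
The first line of defense named in the reply above (cfqueryparam plus val() for numeric input), covering both URL and form input. This is an added example, not code from the thread; the datasource appDSN, the products table and its columns, and the url.id and form.keyword fields are assumptions made for illustration.

```cfml
<!--- Added example. Datasource "appDSN", table "products", its columns,
      url.id and form.keyword are hypothetical names. --->

<!--- Vulnerable pattern: request input is concatenated into the SQL text,
      so whatever arrives in url.id becomes part of the statement. --->
<cfquery name="qBad" datasource="appDSN">
    SELECT id, name
    FROM products
    WHERE id = #url.id#
</cfquery>

<!--- Hardened, numeric URL input.
      val() keeps only a leading number and returns 0 for anything else;
      cfqueryparam sends the value as a typed bind parameter, so it is
      never parsed as SQL. --->
<cfparam name="url.id" default="0">
<cfquery name="qById" datasource="appDSN">
    SELECT id, name
    FROM products
    WHERE id = <cfqueryparam value="#val(url.id)#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Hardened, string form input.
      The same binding applies to the form scope, which a filter on
      cgi.QUERY_STRING never sees. left() caps the keyword at 50 characters
      so the value (plus the two wildcards) stays within maxlength. --->
<cfparam name="form.keyword" default="">
<cfquery name="qSearch" datasource="appDSN">
    SELECT id, name
    FROM products
    WHERE name LIKE <cfqueryparam value="%#left(form.keyword, 50)#%"
                                  cfsqltype="cf_sql_varchar"
                                  maxlength="52">
</cfquery>
```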

