Tom Muck's Blog Category: Cartweaver
News and Views
New round of SQL injection from China
Friday, August 08, 2008 12:02:55 PM
Be on the watch for new SQL injection attempts, coming from China, that use an ASCII-encoded binary string. Essentially, the attack finds a vulnerable database and appends a string to the fields in every table. The string is a closing </title> tag with a script, followed by a comment to hide the rest of the page:
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx
I put something like this in my application.cfm file to re-route the attackers temporarily:
<!--- Redirect any request whose raw query string contains markers of the injection payload --->
<cfif FindNoCase('user>0', cgi.query_string)
      OR FindNoCase('declare', cgi.query_string)
      OR FindNoCase('EXEC(@', cgi.query_string)>
    <cflocation url="http://www.ftc.gov">
</cfif>
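For triaging web server logs after a round like this one, the following is an added example, not code from the original post: it URL-decodes each query string, matches the DECLARE ... CAST(0x...) ... EXEC(@...) shape, and decodes the hex literal so the hidden SQL can be read. The function names, the regex and the sample log entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Shape: DECLARE @x ... CAST(0x<hex> AS [N]VARCHAR) ... EXEC(@x) (regex is this example's own)
PATTERN = re.compile(
    r"declare\s+@(\w+).*?cast\s*\(\s*0x([0-9a-f]+)\s+as\s+n?varchar.*?exec\s*\(\s*@\1\s*\)",
    re.IGNORECASE | re.DOTALL,
)

def decode_blob(hex_text):
    """Turn the 0x... literal back into readable SQL for triage; None if malformed."""
    try:
        raw = bytes.fromhex(hex_text)
    except ValueError:          # odd number of hex digits
        return None
    # NVARCHAR payloads are UTF-16LE: every second byte is zero for ASCII text.
    if len(raw) % 2 == 0 and not any(raw[1::2]):
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")

def inspect_query(query_string):
    """Return None for a clean query string, else details of the injection attempt."""
    text = query_string
    for _ in range(3):          # peel up to three layers of URL encoding
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    match = PATTERN.search(text)
    if match is None:
        return None
    return {"variable": match.group(1), "hidden_sql": decode_blob(match.group(2))}

# Constructed sample log entries (client IP, raw query string); the encoded SQL is harmless.
_ASCII = "SELECT 1 /* constructed sample */".encode("ascii").hex()
_WIDE = "SELECT 1".encode("utf-16-le").hex()
SAMPLE_LOG = [
    ("192.0.2.10", f"id=5;DeCLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x{_ASCII}%20AS%20VARCHAR(4000));EXEC(@S);--"),
    ("192.0.2.11", f"id=5;declare%2520@t%2520nvarchar(99);set%2520@t=cast(0x{_WIDE}%2520as%2520nvarchar(99));exec(@t)"),
    ("198.51.100.7", "id=5&title=declare+independence"),
]

def scan(log):
    """Return (ip, hidden_sql) for every entry that carries the pattern."""
    results = ((ip, inspect_query(query)) for ip, query in log)
    return [(ip, hit["hidden_sql"]) for ip, hit in results if hit]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The third sample entry contains the word "declare" in ordinary text and is not flagged, because the match requires the whole DECLARE/CAST/EXEC sequence rather than a single keyword.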
Category tags: Dreamweaver, ColdFusion, Cartweaver
Posted by Tom Muck