
Massive SQL Injection Attack

My main other site is getting hammered by an unrelenting SQL injection attack. I now completely realize the importance of locking down your queries.

I can only hope that BlogCFC is immune. :)

Here is a full description of this particular attack... which is apparently hitting a bunch of sites. Info provided via a simple Google search.

Comments
Something similar has been making the rounds for a bit. Ben Forta blogged about it, as did others. I assume this is the same hack.

Use cfqueryparam and you'll be safe. Does becoming a hacker target mean that CF is finally coming into its own?
# Posted By Jeffry Houser | 8/9/08 6:48 AM
I had an old client get hit with this. Their site was coded years ago and they never had money for updates to ANYTHING. There were a couple pages where I hadn't used cfqueryparam (too much of a newb back then). So the DB was wide open for the attack.

Luckily the attack attempted to insert an external javascript call, but the code was malformed and the url was dead anyway. In either case a quick db restore and a few cfqueryparam tags cleared it up without much of a hiccup.
# Posted By Mike | 8/9/08 2:04 PM
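
The cfqueryparam fix both commenters mention, shown next to the unparameterized form it replaces. This is an added example, not code from the post or from either commenter; the datasource `siteDSN`, the `articles` table and the `url.id` / `url.q` parameters are hypothetical.

```cfml
<!--- Added example. Datasource "siteDSN", table "articles" and the URL
      parameters are hypothetical names used for illustration only. --->

<!--- Before: the request value is interpolated into the SQL text, so the
      database parses whatever arrives in url.id as part of the statement. --->
<cfquery name="getArticle" datasource="siteDSN">
    SELECT id, title, body
    FROM articles
    WHERE id = #url.id#
</cfquery>

<!--- After: cfqueryparam sends the value as a bound parameter. The
      cfsqltype check rejects a non-integer value with an error before
      the query ever reaches the database. --->
<cfquery name="getArticle" datasource="siteDSN">
    SELECT id, title, body
    FROM articles
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String input: bind as varchar and cap the accepted length. The
      wildcard characters belong to the bound value, not to the SQL text. --->
<cfquery name="findArticles" datasource="siteDSN">
    SELECT id, title
    FROM articles
    WHERE title LIKE <cfqueryparam value="%#url.q#%" cfsqltype="cf_sql_varchar" maxlength="100">
</cfquery>

<!--- List input for an IN clause: list="true" binds each element separately
      and applies the type check to every one of them. --->
<cfquery name="getSeveral" datasource="siteDSN">
    SELECT id, title
    FROM articles
    WHERE id IN (<cfqueryparam value="#url.ids#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>
```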

Raymond Camden's BlogCFC version 5.8.001