Tom Muck's Blog

Category: Cartweaver

New round of SQL injection from China

Friday, August 08, 2008 12:02:55 PM

Be on the watch for a new round of SQL injection attempts, coming from China, that use an ASCII-encoded binary string. Essentially, the attack finds a vulnerable database and appends a string to the fields in every table. The string is a closing </title> tag followed by a script tag, then a comment that hides the rest of the page:

http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

I put something like this in my application.cfm file to re-route the attackers temporarily:

<!--- Stopgap: bounce any request whose query string carries the injection's signature --->
<cfif FindNoCase('user>0', cgi.query_string) OR FindNoCase('declare', cgi.query_string)
      OR FindNoCase('EXEC(@', cgi.query_string)>
    <cflocation url="http://www.ftc.gov">
</cfif>
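As an added example (Python, not part of the original post and not Cartweaver code), the same query-string check generalized a step further: it URL-decodes the request, also decodes any 0x... hex literal the way the database's CAST would so that a payload hidden as an ASCII hex string becomes visible, and reports which indicators matched. The indicator list is the post's own; the hex-decoding step, the function names and the sample query strings are constructed for illustration. Like the cfif above, this is a stopgap that only sees the query string, not POST bodies or cookies; the durable fix is parameterized queries (cfqueryparam in ColdFusion) so request data never reaches the SQL parser as code.

```python
import re
from urllib.parse import unquote_plus

# Plain-text indicators from the blog post's cfif check.
INDICATORS = ("user>0", "declare", "exec(@")

# A 0x-prefixed run of hex digits, as used in CAST(0x... AS varchar) literals.
# Eight hex digits minimum keeps ordinary short hex values (colours, ids) out.
HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]{8,})")


def decode_hex_literals(text):
    """Return the decoded text of every 0x... literal found in text.

    The automated attack stores its payload as a hex string that the
    database converts back to varchar at run time; decoding it here lets a
    filter inspect the real text instead of the opaque digits.
    """
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        digits = match.group(1)
        if len(digits) % 2:          # drop a trailing nibble so fromhex accepts it
            digits = digits[:-1]
        try:
            decoded.append(bytes.fromhex(digits).decode("latin-1"))
        except ValueError:
            continue
    return decoded


def suspicious_query_string(query_string):
    """Return the list of indicators matched (empty list means nothing matched).

    Both the URL-decoded query string and the contents of any hex literal
    inside it are checked, so an encoded payload does not slip past the
    plain-text indicators.
    """
    plain = unquote_plus(query_string)
    haystacks = [plain] + decode_hex_literals(plain)
    hits = []
    for text in haystacks:
        lowered = text.lower()
        for indicator in INDICATORS:
            if indicator in lowered and indicator not in hits:
                hits.append(indicator)
        # The injected string the post describes carries a script tag; flag it
        # whether it appears in clear text or inside a decoded hex literal.
        if "<script" in lowered and "<script" not in hits:
            hits.append("<script")
    return hits


# Constructed sample requests (not captured traffic).
SAMPLE_NORMAL = "id=42&sort=name"
SAMPLE_PROBE = "id=1;declare%20@s%20varchar(10);exec(@s)"
# The opening of the injected string, hidden as a hex literal inside a CAST.
SAMPLE_HEX = ("id=1;set%20@s=cast(0x" + "</title><script".encode().hex()
              + "%20as%20varchar(100))")

if __name__ == "__main__":
    for sample in (SAMPLE_NORMAL, SAMPLE_PROBE, SAMPLE_HEX):
        print(sample, "->", suspicious_query_string(sample))
```

Running the module prints each constructed sample beside the indicators it triggers; the normal request triggers none, the hex-encoded one is caught only because the literal is decoded before matching.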

Category tags: Dreamweaver, ColdFusion, Cartweaver

Posted by Tom Muck
