Tom Muck

Alpha Dog Blues Band
Home page
All articles
All Extensions | Extension News | Extension FAQs | Customer Login
Books authored or co-authored by Tom Muck
Extensions, books, and other products | Customer Login
Your current cart contents
Tom-Muck.com Blog | CMXTraneous Blog | Flash Remoting Blog
About the site

Blog

Tom Muck's Blog: New round of SQL injection from ChinaTom Muck's Blog

News and Views


Previous Post | Next Post

New round of SQL injection from China

Friday, August 08, 2008 12:02:55 PM

Be on the watch for new SQL injection attempts, coming from China, using an ascii-encoded binary string. Essentially, what it does is find a vulnerable database and append a string to the fields in every table. The string is a closing </title> tag with a script, followed by a comment to hide the rest of the page:

http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

I put something like this in my application.cfm file to re-rout the attackers temporarily:

<cfif FindNoCase('user>0',cgi.query_string) OR findNoCase('declare',cgi.query_string)
OR findNoCase('EXEC(@',cgi.query_string)>
    <cflocation url="http://www.ftc.gov">
</cfif>

Category tags: Dreamweaver, ColdFusion, Cartweaver

Posted by Tom Muck
(Add Comment disabled) | View comments (3) | Permalink | Trackbacks (0) | Digg This


Previous Post | Next Post

Before posting comments or trackbacks, please read the posting policy.

Full Blog Calendar

Pay me securely with your Visa, MasterCard, Discover, or American Express card through PayPal!
Pay me securely with your Visa, MasterCard, Discover, or American Express card through PayPal!
About | Privacy Policy | Contact | License Agreement | ©2002-2025 Tom Muck | Dreamweaver Extensions