SQL Injection Hack using CAST from 1.verynx.cn

I found some interesting articles about this hacker attack using SQL injection and I’m aggregating them here. I got this custom tag from “Por que CF” (Why CF) written by Pedro Claudio (CF-Brasil), and here is its usage:
<cf_DisableSQLInjection> Block and log the results
<cf_DisableSQLInjection mailto=“e-mail,e-mail,e-mail,e-mail”>Block, log and send e-mail
<cf_DisableSQLInjection mailto=“e-mail,e-mail,e-mail,e-mail” mailfrom=“mail”>Block, log and send e-mail
<cf_DisableSQLInjection mailto=“e-mail” mailfrom=“mail” title=“Erro 404″ >Block, log, and send email with a title
<cf_DisableSQLInjection mailto=“e-mail” mailfrom=“mail” title=“Erro 404″ message=<h3>Erro 404 – page not found</h3> >Block, log, send a message with title and HTML message

Download the custom tag here.

There is another excellent article with examples by Devit!.

Bookmark and Share
Leave a comment | Trackback
Aug 27th, 2008 | Posted in ColdFusion, Database, SQL
Tags: , ,
No comments yet.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
RSS for comments on this post