cfexecute.com

• Home Page
•  »  Blog
•  » ColdFusion SQL Injections

ColdFusion SQL Injections

This post may be a little late for those of you in the ColdFusion world who may be dealing with an ongoing SQL injection attack. Believe my, I've delt with plenty of them this week, working for one of the most popular ColdFusion hosts will do that and I'm getting tired of doing DB restores because people are still not using cfqueryparm. I won't go into a big to-do on using it, but thought it would be nice to gather all the recent blog posts about the recent injection attacks on ColdFusion servers and have one place to link to them all. If I missed your post, sorry just going by what Google Reader found from ColdFusionBloggers and the individual blogs I've subscribed to. You may also want to check out the Portcullis application on RIAForge for site wide protection.

• Mastering cfqueryparam
• SQL Injection Attacks and How to Protect Yourself
• Parameterize your queries without lifting a finger
• A few more thoughts on SQL injection
• When will cfqueryparam NOT protect me?
• QueryParam Scanner- You've got no excuse now
• Use CFQUERYPARAM!!
• A Stop Gap Measure for Current SQL Injection
• Hacker Webzine Recommends Use Of CFQUERYPARAM
• Using Eclipse to find queries that aren't using <cfqueryparam />
• CFQUERYPARAM with LIKE and IN Clauses
• SQL Injection Attacks, Easy To Prevent, But Apparently Still Ignored
• ColdFusion SQL Injection
• Just when you felt safe... SQL Injection and MySQL
• RegEx to find SQL in code without CFQueryParam
• Combining SQL Query Strings and CFQUERYPARAM
• SQL Injection Part II (Make Sure You Are Sitting Down)
• SQL Injection Part III - Don't Forget Sorting
• Today is Operation cf_SQLprotect
• Adding Cfqueryparams to a Legacy Site Without Losing Your Hair
• Ask-a-Muse: How Can Cfqueryparam Protect Me?
• ColdFusion Developer's Journal Special: How to Prevent an SQL Injection Attack
• A Better Blacklist Function for SQLi
• What? Folks aren't using cfqueryparam?
• Giant SQL Injection Spider Attack
• Protect your websites, logs, and inbox from SQL Injection
• My analysis of the SQL injection zombies
• SQL Injection Hack using CAST from 1.verynx.cn
• SQL Injection Attack going around
• New SQL Injection Attack Infecting Machines
• What is a SQL Injection Attack
• 2 Methods to Help Prevent SQL Injections with ColdFusion
• How to Fix a SQL Injection Attack
• How to Protect Your Website from a Malicious Attack
• Web Application Vulnerabilities Can Make The Difference - How To Tackle The Threat
• Preventing SQL Injection
• SQL Injection and CFQUERYPARAM
• Tip: Protect your MySQL from SQL Injection

8/12/2008: I started this post almost a month ago, and it seems that Slashdot has finally picked up on the SQL injection attacks.

There you have it in no particular order. There are a few posts from the same blog and I may clean this up later to be sorted by blog and date, but its really late and its been a long week of cleaning up databases from coders who know just enough ColdFusion to be dangerous.

Last Updated: 10/20/2008 8:30 PM