ColdFusion SQL Injections

This post may be a little late for those of you in the ColdFusion world who may be dealing with an ongoing SQL injection attack. Believe me, I’ve dealt with plenty of them this week; working for one of the most popular ColdFusion hosts will do that, and I’m getting tired of doing DB restores because people are still not using cfqueryparam. I won’t go into a big to-do on using it, but thought it would be nice to gather all the recent blog posts about the recent injection attacks on ColdFusion servers and have one place to link to them all. If I missed your post, sorry; I’m just going by what Google Reader found from ColdFusionBloggers and the individual blogs I’ve subscribed to. You may also want to check out the Portcullis application on RIAForge for site-wide protection.

8/12/2008: I started this post almost a month ago, and it seems that Slashdot has finally picked up on the SQL injection attacks.
There you have it, in no particular order. There are a few posts from the same blog and I may clean this up later to be sorted by blog and date, but it’s really late and it’s been a long week of cleaning up databases from coders who know just enough ColdFusion to be dangerous.
Last Updated: 10/20/2008 8:30 PM
