Thursday, April 2, 2009

Sql Injection vulnerabilities in your Application

and download :

it will check all the
queries with sql injection weakness and add cfqueryparam for all the queries .....for this u have to keep the downloaded file in to the webroot and run the file...

Here's the highlights of Daryl's script:

* It's a single stand alone .cfm file
* It will (optionally) drill down recursively from its current location and scan all CFML for cfquery tags with missing cfqueryparam tags
* It automatically skips files starting with an underscore, and folders starting with a period
* The tool gives you the option to check a box next to the queries you want to automatically fix, and submit the form. It will then edit each of those files and wrap your parameters in a cfqueryparam tag!
* It backs up the old file for you in case to need to roll back (test.cfm.old)
* In general the only attribute it uses for the cfqueryparam tag is value, but it will add cfsqltype="CF_SQL_TIMESTAMP" if the column name contains the word "date", or the parameter contains "now()"

go through this link

No comments: