Thursday, April 2, 2009

Sql Injection vulnerabilities in your Application

http://www.codersrevolution.com/index.cfm/2008/7/24/Parameterize-your-queries-without-lifting-a-finge


and download:


http://www.webapper.net/index.cfm/2008/7/22/ColdFusion-SQL-Injection

It will check all the queries for SQL injection weaknesses and add cfqueryparam to each of them. To use it, put the downloaded file in the webroot and run it.

Here are the highlights of Daryl's script:

* It's a single stand alone .cfm file
* It will (optionally) drill down recursively from its current location and scan all CFML for cfquery tags with missing cfqueryparam tags
* It automatically skips files starting with an underscore, and folders starting with a period
* The tool gives you the option to check a box next to the queries you want to automatically fix, and submit the form. It will then edit each of those files and wrap your parameters in a cfqueryparam tag!
* It backs up the old file for you in case you need to roll back (test.cfm.old)
* In general the only attribute it uses for the cfqueryparam tag is value, but it will add cfsqltype="CF_SQL_TIMESTAMP" if the column name contains the word "date", or the parameter contains "now()"
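As an added illustration (not Daryl's script and not code from the linked posts), here is a small Python sketch of the same scan-and-fix idea: it finds cfquery bodies that interpolate a `#value#` outside a cfqueryparam tag and wraps each one, adding cfsqltype="CF_SQL_TIMESTAMP" under the same "date"/"now()" rule listed above. The sample CFML is constructed for the demo; real CFML (`##` escapes, comments, SQL assembled in variables) needs more care than these regexes give.

```python
import re

# Constructed sample CFML (not from the post): one unsafe query, one already parameterized.
SAMPLE_CFML = """
<cfquery name="getUser" datasource="app">
    SELECT id, name FROM users
    WHERE username = '#form.username#' AND created_date > '#now()#'
</cfquery>
<cfquery name="getById" datasource="app">
    SELECT id FROM users WHERE id = <cfqueryparam value="#url.id#" cfsqltype="CF_SQL_INTEGER">
</cfquery>
"""

QUERY_RE = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.IGNORECASE | re.DOTALL)
PARAM_RE = re.compile(r"(<cfqueryparam\b[^>]*>)", re.IGNORECASE)
# A raw #expr# interpolation, optionally quoted, with the column and operator in front of it
INTERP_RE = re.compile(r"(?P<col>\w+)?(?P<op>\s*[=<>!]+\s*)?'?#(?P<expr>[^#]+)#'?")


def find_unparameterized(cfml):
    """Return the body of every cfquery that still interpolates a #value# outside cfqueryparam."""
    findings = []
    for q in QUERY_RE.finditer(cfml):
        body = q.group(1)
        if "#" in PARAM_RE.sub("", body):  # strip existing params, then look for leftovers
            findings.append(body.strip())
    return findings


def _wrap_param(m):
    """Rewrite one match as a cfqueryparam, applying the post's date/now() timestamp rule."""
    col, op, expr = m.group("col") or "", m.group("op") or "", m.group("expr")
    tag = f'<cfqueryparam value="#{expr}#"'
    if "date" in col.lower() or "now()" in expr.lower():
        tag += ' cfsqltype="CF_SQL_TIMESTAMP"'
    return f"{col}{op}{tag}>"


def parameterize(cfml):
    """Wrap raw interpolations in every cfquery, leaving existing cfqueryparam tags untouched."""
    def fix_query(q):
        pieces = PARAM_RE.split(q.group(1))  # existing tags land on odd indexes, kept verbatim
        fixed = "".join(p if PARAM_RE.fullmatch(p) else INTERP_RE.sub(_wrap_param, p) for p in pieces)
        return q.string[q.start(0):q.start(1)] + fixed + q.string[q.end(1):q.end(0)]
    return QUERY_RE.sub(fix_query, cfml)


if __name__ == "__main__":
    for body in find_unparameterized(SAMPLE_CFML):
        print("UNPARAMETERIZED:", body)
    print(parameterize(SAMPLE_CFML))
```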


Go through the links above for the details.
