<< India CFUG - Hyderabad


SQL Injection Weakness In Your Application
Entry posted on Apr 09 by shariff4466

Entry posted Mar 26 by shariff4466, tagged Development

Read this post:

http://www.codersrevolution.com/index.cfm/2008/7/24/Parameterize-your-queries-without-lifting-a-finger

and download the tool from:

http://www.webapper.net/index.cfm/2008/7/22/ColdFusion-SQL-Injection

It checks all the queries for SQL injection weaknesses and adds cfqueryparam to every query where it is missing, as shown in the figure. When you press the submit button, it modifies all the queries and automatically backs up the older file by giving it the extension (.old). To use it, place the downloaded file in the webroot of your application and run the file.
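
One way to perform the kind of check described above, as an added Python example (not the downloadable tool and not code from the original post): it reports every #expression# inside a cfquery body that is not wrapped in cfqueryparam. The sample template, its query names and the datasource appdb are constructed for illustration.

```python
import re

# Constructed sample template (not from the original post): the first query
# interpolates a URL variable directly, the second binds it with cfqueryparam.
SAMPLE_CFML = '''
<cfquery name="getUser" datasource="appdb">
    SELECT id, name FROM users
    WHERE id = #url.id#
</cfquery>
<cfquery name="getOrder" datasource="appdb">
    SELECT id, total FROM orders
    WHERE id = <cfqueryparam value="#url.orderId#" cfsqltype="cf_sql_integer">
</cfquery>
'''

CFQUERY = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery>", re.I | re.S)
NAME_ATTR = re.compile(r'\bname\s*=\s*"([^"]*)"', re.I)
# cfqueryparam tags and escaped pound signs (##) are not findings.
IGNORED = re.compile(r"<cfqueryparam\b[^>]*>|##", re.I)
POUND_EXPR = re.compile(r"#([^#\r\n]+)#")


def _blank(match):
    """Replace a span with spaces, keeping newlines so line numbers hold."""
    return re.sub(r"[^\n]", " ", match.group(0))


def find_unparameterized(source):
    """Return (query_name, line, expression) for every #expression# that
    appears in a cfquery body outside a cfqueryparam tag."""
    findings = []
    for query in CFQUERY.finditer(source):
        name = NAME_ATTR.search(query.group(1))
        query_name = name.group(1) if name else "(unnamed)"
        body = IGNORED.sub(_blank, query.group(2))
        for expr in POUND_EXPR.finditer(body):
            offset = query.start(2) + expr.start()
            line = source.count("\n", 0, offset) + 1
            findings.append((query_name, line, expr.group(1).strip()))
    return findings


if __name__ == "__main__":
    for query_name, line, expr in find_unparameterized(SAMPLE_CFML):
        print(f"line {line}: {query_name} uses #{expr}# without cfqueryparam")
```

Expressions that cannot be bound as parameters, such as a dynamic table name or a function call, are reported too and need manual review.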


Recent Comments (1 of 1)
04/09/09 by CF Mitrah: Nice post. I'll try this in all my future projects to check the Sql Injecti...

What Is Cross Site Scripting and How to Avoid it
Entry posted on Apr 10 by shariff4466

XSS:

Here's a little test form to show how things work

<cfoutput>
<!--- f1: written back exactly as submitted, so the script tag reaches the browser --->
<cfif structkeyexists(form, "f1")>
      #form.f1#
</cfif>
<!--- f2: everything between < and > is stripped before output --->
<cfif structkeyexists(form, "f2")>
      <cfset myvar = rereplacenocase(form.f2, "<[^>]*>", "", "All")>
      #myvar#
      <hr>
</cfif>
<!--- f3: written back as submitted, so the iframe is rendered --->
<cfif structkeyexists(form, "f3")>
      I'm an injected iframe<br>
      #form.f3#<br>
      That's bad ;(
      <hr>
</cfif>
<!--- f4: same stripping as f2, so the iframe tag is removed --->
<cfif structkeyexists(form, "f4")>
      <cfset myvar = rereplacenocase(form.f4, "<[^>]*>", "", "All")>

      No iframe here
      #myvar#

</cfif>

</cfoutput>
<hr>
<!--- Test form: each field is pre-filled with markup for the handlers above --->
<form name="1" method="post" action="index.cfm">
      <input type="text" name="f1" value="<script>alert('oops')</script>"><br>
      <input type="text" name="f2" value="<script>alert('i am harmless')</script>"><br>
      <input type="text" name="f3" value="<iframe src=http://www.google.com style=width:200px;height:200px;font-size:.7em></iframe>"><br>
      <input type="text" name="f4" value="<iframe src=http://www.google.com style=width:200px;height:200px;font-size:.7em></iframe>">
      <input type="submit">
</form>



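Important: the global script protection setting in CF8 does NOT prevent the iframe insert, so you need to use the REReplace regex. The regex only removes complete tags; output that should be displayed as plain text is more reliably protected by encoding it, for example with HTMLEditFormat().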



ColdFusion 8 Getting Started Experience with video demos
Entry posted on Aug 31 by shariff4466

http://examples.adobe.com/cf8gettingstarted/experience/index_content.cfm

Code Snippets by Feature and Tasks:

http://examples.adobe.com/cf8gettingstarted/experience/snippets.cfm

Explore Real-World Example Applications:

http://examples.adobe.com/cf8gettingstarted/experience/explore.cfm



Adobe Dev Summit Hyderabad
Entry posted on Dec 15 by shariff4466

The presentations and demo assets from the Adobe Dev Summit, which was held on Dec 1st 2009 at Hyderabad, are now available for download from the following location:

CLICK HERE



Coldfusion 9 Certification
Entry posted on Nov 12 by shariff4466, tagged Development

If anyone wants to know the ColdFusion 9 certification details, click on the links below for the information.

http://blogs.adobe.com/adc/2010/11/coldfusion-9-certification-exam-now-available.html

http://partners.adobe.com/public/en/ace/ACE_Exam_Guide_ColdFusion9.pdf



FB group for Indian ColdFusion developers
Entry posted on Aug 02 by shariff4466

Hi guys, join the FB group for Indian ColdFusion developers:

http://www.facebook.com/groups/181974545196796/


