We have a ColdFusion page where admins can insert/update some real estate records after logging in. We are noticing that in one table's Memo field called 'description', there are sometimes tags with hacking/junk info. I have introduced Captcha. The page is password protected and not linked from any pages, so it is not accessible by search engines unless someone gave out the URL accidentally. We are now also tracking the IP address of the person who is doing the inserts/updates. But still we just saw that all the data in the description field had the [junk text] appended to the end of the valid text, with an internal IP address of 192.168.0.101. This IP is someone's personal computer. One of our theories is that the person's computer is compromised. But what kind of virus would do that? Also, what I would like to do is to have a field called 'approved' which is 'no' by default, but anytime an Insert/Update happens it goes to 'no' and triggers an email to admins about the change. What could be the syntax of that inside SSMS? Thanks!
The most likely cause is SQL injection. It could be that your internal PC is compromised by malware or a virus that is attacking your site using one of many dozen attacks. The most common of them do exactly what you are describing: append content to the end of text or character fields in the DB. Here's a description of one common attack that does just that.
I would also check the following
Finally, check all your code for vulnerability to SQLi. Make sure all your variables use cfqueryparam and you have other controls in place. Passwords are not the only level of protection you need 🙂
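The 'approved' column and notification trigger the question asks about, as an added T-SQL example for SQL Server (not code from the original post). It assumes a table dbo.listings with an int primary key id and a description column, that Database Mail is configured, and that the mail profile name and recipient address are placeholders.

```sql
-- Added example, not from the original post. Assumed table: dbo.listings (id INT PK, description).
-- 'AdminMail' and the recipient address are placeholders for your Database Mail setup.
ALTER TABLE dbo.listings
    ADD approved VARCHAR(3) NOT NULL
        CONSTRAINT DF_listings_approved DEFAULT 'no'
        CONSTRAINT CK_listings_approved CHECK (approved IN ('yes', 'no'));
GO

CREATE TRIGGER trg_listings_flag_for_review
ON dbo.listings
AFTER INSERT, UPDATE
AS
BEGIN
    SET NOCOUNT ON;

    -- Nothing changed (e.g. an UPDATE that matched no rows): nothing to flag.
    IF NOT EXISTS (SELECT 1 FROM inserted) RETURN;

    -- An admin approving a row touches only 'approved'; let that through. This also
    -- stops the UPDATE below from re-firing the trigger if recursive triggers are on.
    IF UPDATE(approved) AND NOT UPDATE(description) RETURN;

    -- Any other insert/update drops the row back to 'no' until an admin re-approves it.
    UPDATE l
       SET approved = 'no'
      FROM dbo.listings AS l
      JOIN inserted AS i ON i.id = l.id;

    -- Summarise the affected ids. Note: client_net_address is the address of the
    -- database client (normally the ColdFusion server), not of the end user.
    DECLARE @body NVARCHAR(MAX) =
        N'Listing(s) inserted/updated by ' + SUSER_SNAME()
        + N' from ' + ISNULL(CONVERT(NVARCHAR(50), CONNECTIONPROPERTY('client_net_address')), N'?')
        + N' and now awaiting approval: '
        + STUFF((SELECT N', ' + CAST(id AS NVARCHAR(20)) FROM inserted FOR XML PATH('')), 1, 2, N'');

    -- Queue the notification. sp_send_dbmail only enqueues; delivery is asynchronous.
    EXEC msdb.dbo.sp_send_dbmail
        @profile_name = 'AdminMail',            -- placeholder mail profile
        @recipients   = 'admins@example.com',   -- placeholder address
        @subject      = 'Listing change pending approval',
        @body         = @body;
END;
GO
```

Because the trigger runs inside the writing transaction, a Database Mail failure will roll the write back; if that is not wanted, wrap the EXEC in TRY/CATCH or have the application poll for approved = 'no' rows instead.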