Detecting SQL Injection with ScriptProtect
It occurred to me this morning that ScriptProtect can be a handy feature for globally catching a few forms of SQL Injection Attacks
WARNING - just like its inability to protect against all forms of XSS attacks this solution DOES NOT protect you from all SQL Injection attacks.
You can edit, and add the regular expression patterns for the scriptprotect feature in ColdFusion MX 7 by editing
neo-security.xml located in
WEB-INF/cfusion/lib. Add the following pattern under the default cross site scripting pattern.
<var name=";.*(select|insert|update|delete|drop|alter|create)"> <string>SQL_INJECTION_ATTEMPT</string> </var>
I first tried just using a
; as the pattern - but that caused problems with some of the variables in the CGI scope (things like User Agent often have semi-colon's in them). So the pattern now looks for a semi-colon followed by zero or more characters followed by a select, insert, update, delete, drop alter or a create.
Don't expect to catch all possible SQL Injection attacks with this, so don't trust it to stop them. I'm just posting this FYI.
Like this? Follow me ↯Tweet Follow @pfreitag
Detecting SQL Injection with ScriptProtect was first published on May 18, 2005.
If you like reading about scriptprotect, sql injection, security, or coldfusion 7 then you might also like:
- Devnet Article on Securing CF From SQL Injection
- ScriptProtect in ColdFusion MX 7 not a catch all
- Mastering CFQUERYPARAM
- Announcing Web Application Firewall for ColdFusion
- CFPARAM for Simple String Validation
- Web Application Vulnerabilities trump Buffer Overflows
The FuseGuard Web Application Firewall for ColdFusion & CFML is a high performance, customizable engine that blocks various attacks against your ColdFusion applications.