<div>
Perfect Thanks!<br />
<br />
This is what I had indicated to our vendor also, again thanks for reaffirming my initial thoughts.
</div>


Perfect Thanks!

This is what I had indicated to our vendor also, again thanks for reaffirming my initial thoughts.

<div>
<div class="content wysiwyg-content">
In Cold Fusion, using &lt;cfquery&gt; is it possible to break out of a sql &quot;IN&quot; clause to perform a sql injection attack, with something other than a select statement as the parameter?<br />
<br />
Wiki and google lead me to dead ends, and only mentioned the &quot;like&quot; statement.<br />
<br />
<br />
I.E. Can I insert, update, delete, etc?<br />

<pre><code id="code-221934">Psuedo code EX.&lt;cfquery&gt;  Select * from example.table where example.arg in (#someid#) &lt;/cfquery&gt;
</code></pre>
</div>
</div>


In Cold Fusion, using <cfquery> is it possible to break out of a sql "IN" clause to perform a sql injection attack, with something other than a select statement as the parameter?

Wiki and google lead me to dead ends, and only mentioned the "like" statement.


I.E. Can I insert, update, delete, etc?

ColdFusion SQL Injection

A web server refers to the software that helps to deliver web content that can be accessed either through the Internet or through an intranet. The primary function of a web server is to store, process and deliver web pages to clients. The communication between client and server takes place using the Hypertext Transfer Protocol (HTTP). The most common use of web servers is to host websites, but there are other uses such as gaming, data storage, running enterprise applications, handling email, FTP, etc.

Web Servers

Project management is the discipline of carefully projecting or planning, organizing, motivating and controlling resources to achieve specific goals and meet specific success criteria. A project is a temporary endeavor designed to produce a unique product, service or result with a defined beginning and end (usually time-constrained, and often constrained by funding or deliverables) undertaken to meet unique goals and objectives, typically to bring about beneficial change or added value.

Project Management

Software is any set of instructions that directs a computer to perform specific tasks or operations. Computer software consists of programs, libraries and related non-executable data (such as documentation). Computer software is non-tangible, contrasted with computer hardware, which is the physical component of computers. Software written in a machine language is known as "machine code". However, in practice, software is usually written in high-level programming languages than machine language. High-level languages are translated into machine language using a compiler or interpreter or a combination of the two.