Solved

Issue with portcullis.cfc (SQL injection)

Posted on 2009-04-24
Last Modified: 2013-12-20
Hi,

I am having an issue with the portcullis.cfc file: when I enter (select, delete or update) in the input box of the form and then click Submit, it replaces the (select, delete or update) with [INVALID], but it still submits to the database and inserts the value with [INVALID]. Can you please tell me how to stop this? Any help would be kindly appreciated.
You can download the open-source file from this link:
http://labs.fusionlink.com/katapult/index.cfm?page=projects/portcullis
Question by:shariff_pasha
5 Comments
 
LVL 16

Assisted Solution

by:Gurpreet Singh Randhawa
Gurpreet Singh Randhawa earned 80 total points
ID: 24244564
Can you show me your query and how you are doing it?

 
LVL 2

Author Comment

by:shariff_pasha
ID: 24247806
Hi Randhawa, these are my adduser.cfm and application.cfm files. Please take a look at them, and please convert them to .cfm. My problem is that whenever a user enters sqlFilter, tagFilter and wordFilter (see portcullis.cfc) into the form, it converts them to [INVALID], but I want to redirect them to an error page whenever a user tries to do a SQL injection or XSS.
adduser.txt
application.txt
 
LVL 2

Accepted Solution

by:
shariff_pasha earned 0 total points
ID: 24589586
Hi, I solved it myself by just redirecting when the text input has [INVALID].
 
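The redirect described in the accepted solution, sketched in CFML as an added example (not the poster's code and not part of Portcullis). It assumes the filter has already rewritten the form scope before this page runs; the field, table, datasource, log and error-page names are hypothetical. The insert binds values with cfqueryparam so the query stays safe even for input the keyword filter does not flag.

```cfml
<!--- Added example. Assumes Portcullis has already scanned the form scope
      (for instance from application.cfm) and replaced blocked terms with
      [INVALID]. All field, table, datasource and page names are hypothetical. --->
<cfset marker = "[INVALID]">
<cfset blocked = false>

<!--- Look for the filter's marker in every submitted simple value --->
<cfloop collection="#form#" item="fieldName">
    <cfif isSimpleValue(form[fieldName]) and findNoCase(marker, form[fieldName])>
        <cfset blocked = true>
        <cfbreak>
    </cfif>
</cfloop>

<cfif blocked>
    <!--- Record the rejection for later review; cflocation ends the request,
          so no query below is executed for a flagged submission --->
    <cflog file="formfilter" type="warning"
           text="Rejected post to #cgi.script_name# from #cgi.remote_addr#: filter marker present">
    <cflocation url="error.cfm" addtoken="false">
</cfif>

<!--- Only unflagged submissions reach the insert; values are bound as
      parameters rather than concatenated into the SQL text --->
<cfquery name="addUser" datasource="#application.dsn#">
    INSERT INTO users (username, email)
    VALUES (
        <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar" maxlength="50">,
        <cfqueryparam value="#form.email#" cfsqltype="cf_sql_varchar" maxlength="100">
    )
</cfquery>
```
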
LVL 2

Author Comment

by:shariff_pasha
ID: 24589622
No reply from any experts.
 
LVL 2

Author Comment

by:shariff_pasha
ID: 24589639
No reply.
