
WhosOnCFC SQL Attack View

I suppose I will go ahead and post the complete code for my SQL Attack page. I posted the first bit yesterday afternoon, but I have added in some other details.

For a sample of the output, you can see my SQL Attacks page.

I suppose I could have gone with a QoQ to filter out the injection signature, but I decided just to loop through the query returned by WhosOnline() for simplicity's sake.

<!--- Get the current visitor list from WhosOnCFC --->
<cfset myQuery=application.whoson.WhosOnline(true,true)>
<cfset attacks=0>

<!--- Count the requests whose URL carries the "cast(" injection signature --->
<cfloop query="myQuery">
   <cfif findNoCase("cast(",myQuery.CurrentPage)>
      <cfset attacks+=1>
   </cfif>
</cfloop>
<br>
<br>

<cfoutput>SQL Injection attacks in the last #application.whoson.getCurrentControlSet().trackTime# hours: #attacks#</cfoutput>

<cfif attacks>
<br>
<br>

<table cellpadding="0" cellspacing="0" border="0" style="width: 95%">
   <tr>
      <td style="border-bottom: 1px solid black;">Host Name</td>
      <td style="border-bottom: 1px solid black;">Country</td>
      <td style="border-bottom: 1px solid black;">City</td>
      <td style="border-bottom: 1px solid black;">Page Attacked</td>
      <td style="border-bottom: 1px solid black;">Time</td>
   </tr>
   <!--- These values originate from the visitor's request, so HTML-encode them before output --->
   <cfloop query="myQuery">
      <cfif findNoCase("cast(",myQuery.CurrentPage)>
         <tr>
            <td><cfoutput>#HTMLEditFormat(myQuery.HostName)#</cfoutput></td>
            <td><cfoutput>#HTMLEditFormat(myQuery.Country)#</cfoutput></td>
            <td><cfoutput>#HTMLEditFormat(myQuery.City)#</cfoutput></td>
            <!--- Third "/"-delimited element of the URL, with the query string cut off --->
            <td><cfoutput>#HTMLEditFormat(ListGetAt(ListGetAt(myQuery.CurrentPage,3,"/"),1,"?"))#</cfoutput></td>
            <td><cfoutput>#timeFormat(myQuery.LastUpdated,"h:mm tt")#</cfoutput></td>
         </tr>
      </cfif>
   </cfloop>
</table>
<cfelse>
No attacks to report.
</cfif>
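
The Query of Queries alternative mentioned above, as an added example rather than the code this page runs: it filters once, so the count and the table rows come from the same result set. It assumes WhosOnline() returns the same columns the loop version reads and that CurrentPage is a string column; attackRows is a name chosen here for illustration.

```cfml
<!--- Added example: QoQ variant of the loop-based filter. attackRows is a hypothetical name. --->
<cfset myQuery = application.whoson.WhosOnline(true,true)>

<!--- QoQ string comparisons are case-sensitive, so lower-case the column
      to get the same matches as findNoCase("cast(", ...) in the loop version. --->
<cfquery name="attackRows" dbtype="query">
   SELECT *
   FROM myQuery
   WHERE LOWER(CurrentPage) LIKE '%cast(%'
</cfquery>

<cfoutput>SQL Injection attacks in the last #application.whoson.getCurrentControlSet().trackTime# hours: #attackRows.recordCount#</cfoutput>

<cfif attackRows.recordCount>
<table cellpadding="0" cellspacing="0" border="0" style="width: 95%">
   <tr>
      <td style="border-bottom: 1px solid black;">Host Name</td>
      <td style="border-bottom: 1px solid black;">Country</td>
      <td style="border-bottom: 1px solid black;">City</td>
      <td style="border-bottom: 1px solid black;">Page Attacked</td>
      <td style="border-bottom: 1px solid black;">Time</td>
   </tr>
   <!--- One pass over the already-filtered rows; request-derived values are HTML-encoded --->
   <cfoutput query="attackRows">
   <tr>
      <td>#HTMLEditFormat(attackRows.HostName)#</td>
      <td>#HTMLEditFormat(attackRows.Country)#</td>
      <td>#HTMLEditFormat(attackRows.City)#</td>
      <td>#HTMLEditFormat(ListGetAt(ListGetAt(attackRows.CurrentPage,3,"/"),1,"?"))#</td>
      <td>#timeFormat(attackRows.LastUpdated,"h:mm tt")#</td>
   </tr>
   </cfoutput>
</table>
<cfelse>
No attacks to report.
</cfif>
```

Because the match is on the literal text "cast(", a request whose URL is stored in percent-encoded form will not be counted by either version unless CurrentPage is decoded before it is compared.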
