January 13, 2014
Question

Hacker adding links to CF files

  • January 13, 2014
  • 1 reply
  • 758 views

Hi,

Someone is adding links to my CFM files. I am informed of this almost immediately and remove the offending code. The code is usually to knockoff brand stuff such as Michael Kors and Louis Vuitton.

I am on CF 8.1 and Red Hat 5.8, with the latest security patches applied to both. This has been going on for over 3 years now and it is becoming very annoying. I would like a hint or 2 as to how they are accessing my files.

boo1949


1 reply

BKBK
Community Expert
January 16, 2014

Sounds like a case of Cross-Site Scripting (XSS). Carrying someone around on your back for 3 years is scandalous.

You should have sorted this out when you first discovered it. Parasites persist only if you let them.

So, squash the pest now, once and for all. Our own Jason Dean (12Robots) gives tips on how to tackle XSS in ColdFusion. I could also find the following useful information on the web:

Security Advisory for ColdFusion:

http://www.adobe.com/support/security/advisories/apsa13-01.html

CVE report on ColdFusion Vulnerabilities (see, in particular, 'Code Execution' and 'XSS'):

http://www.cvedetails.com/product/8739/Adobe-Coldfusion.html?vendor_id=53

Code injection by hackers via coldfusion:

http://forums.adobe.com/thread/438275

Tools:

http://portcullis.riaforge.org/

http://qpScanner.riaforge.org/

January 16, 2014

Hi BKBK,

Obviously if I had any idea how they were doing it I would stop them, but I am not a CF person and I only manage the Linux server that hosts the web sites.

Thanks for the links I will have a good read.

Steve

BKBK
Community Expert
January 19, 2014

Hi Steve,

Contact the owner of the site about this. Most of the security loopholes mentioned can be closed by a simple modification of the code. For example, checking user input from forms and from the URL will ensure very good security.
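To make the advice above concrete, here is an added CFML example (written for this page, not code from the thread or from BKBK) showing how a ColdFusion 8 page can check values arriving in the url and form scopes before using them, bind them into SQL with cfqueryparam, and encode them on output. The file name product.cfm, the datasource application.dsn, and the product table and column names are assumptions for illustration; isValid, cfqueryparam, htmlEditFormat and the cfapplication scriptProtect attribute are all available in CF8.

```cfml
<!--- Hypothetical product.cfm (added example, not the site's real code). --->

<!--- Application-level setting, normally placed in Application.cfm:
      scriptProtect strips common script tags from url/form/cgi/cookie input. --->
<cfapplication name="exampleApp" scriptProtect="all">

<!--- 1. URL input: give the parameter a safe default, then reject anything
        that is not a positive integer before it reaches a query. --->
<cfparam name="url.productID" default="0">
<cfif NOT isValid("integer", url.productID) OR url.productID LTE 0>
    <cfthrow type="Application.InvalidInput"
             message="productID must be a positive integer">
</cfif>

<!--- 2. Form input: bound the length and whitelist the characters allowed,
        rather than trying to blacklist markup. --->
<cfparam name="form.comment" default="">
<cfset form.comment = trim(form.comment)>
<cfif len(form.comment) GT 500>
    <cfthrow type="Application.InvalidInput"
             message="comment is too long">
</cfif>
<cfif NOT reFind("^[A-Za-z0-9 .,!?'-]*$", form.comment)>
    <cfthrow type="Application.InvalidInput"
             message="comment contains characters that are not allowed">
</cfif>

<!--- 3. Database access: the value is bound as a typed parameter, never
        concatenated into the SQL string. --->
<cfquery name="qProduct" datasource="#application.dsn#">
    SELECT name, description
    FROM   product
    WHERE  productID = <cfqueryparam value="#url.productID#"
                                     cfsqltype="cf_sql_integer">
</cfquery>

<!--- 4. Output: HTML-encode anything that originated from a user so it is
        rendered as text, not as markup or links. --->
<cfoutput>
    <h1>#htmlEditFormat(qProduct.name)#</h1>
    <p>#htmlEditFormat(qProduct.description)#</p>
    <cfif len(form.comment)>
        <p>Your comment: #htmlEditFormat(form.comment)#</p>
    </cfif>
</cfoutput>
```

The four steps are independent layers: validating the input rejects bad values early, cfqueryparam keeps the database safe even if validation is bypassed, and encoding on output means a value that does slip through is displayed as text instead of being interpreted by the browser.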