Tuesday, September 14, 2010

The Cold Fusion Request

Event Details


Date
14 September 2010

POST Values
CFID:
xxxxxxxx, CFTOKEN=xxxxxxxx, CFGLOBALS=urltoken=CFID#=xxxxxxx&CFTOKEN#=xxxxxxx#lastvisit={ts '2010-09-14 14:33:18'}#timecreated={ts '2010-09-14 14:33:18'}#hitcount=2#cftoken=xxxxxxxx#cfid=xxxxxxxx#, __mmsid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, __mmuid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, __mmtrk=0|||x|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

What the hacker was hoping for

This isn't actually a hack attempt. What this is is cold fusion's horrible built in session handler. It will crop up occasionally in your logs. Sometimes they are forged, sometimes not. However if you're not running Cold Fusion (which you shouldn't be), you should be safe.

How to prevent this


  • Don't run Cold Fusion

No comments:

Post a Comment