Ivan Ionut ivanionut


ColdFusion Server Detection

This is a re-imagineering of a ColdFusion code block found here: https://github.com/webdevsourcerer/CF-Server-Detect

It is actually originally noted as a ColdFusion Scriptlet but we have NO frickin' idea what a ColdFusion Scriptlet is (because there is no such thing).

Credits

It's ALWAYS good etiquette to credit and thank those who gave time, skills and knowledge to advance the community and help to improve shitty code.

@ivanionut
ivanionut / dnsjava.cfm
Last active August 29, 2015 14:16 — forked from JamoCA/dnsjava.cfm
Better ColdFusion DNS Look-ups using dnsjava.
<cfscript>
/* add dnsjava-*.jar to java path. Download from http://www.dnsjava.org/ */
thisDomain = "google.com";
dnsjava = createobject("java", "org.xbill.DNS.Address");
dnsResponse = dnsjava.getAllByName(thisDomain);
ips = [];
if (isArray(dnsResponse)){
    for(i=1; i <= ArrayLen(dnsResponse); i++){
        arrayappend(ips, dnsResponse[i].getHostAddress());
    }
@ivanionut
ivanionut / Verify_Googlebot.cfm
Last active August 29, 2015 14:16 — forked from JamoCA/Verify_Googlebot.cfm
Here's a raw proof-of-concept script written in ColdFusion that identifies & blocks fake Googlebots. This can be easily expanded to cache DNS responses & log new bots.
<cfscript>
/* based on info from http://googlewebmastercentral.blogspot.com/2006/09/how-to-verify-googlebot.html */
badBot = 0;
blockBadBots = 0;
ip = cgi.remote_addr;
userAgent = CGI.Http_User_Agent;
/* Sample request values */
//userAgent = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)";
//ip = "179.179.65.180"; //bad
@ivanionut
ivanionut / hashids.cfm
Last active August 29, 2015 14:16 — forked from JamoCA/hashids.cfm
Sample Implementation of the ColdFusion hashids library http://www.hashids.org/coldfusion/
<cfscript>
/* Download and install the hashids CFC https://github.com/dswitzer/hashids.coldfusion */
hashids = new Hashids(salt="this is my salt"
    ,minLen=8
    ,alphabet="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890");
id_to_hash = listtoArray("1"); // try "1,2,3" and "3,2,1" and "1,1,1"
writeoutput('original = #arrayToList(id_to_hash)#<br>');
hashed_id = hashids.encrypt(id_to_hash);
@ivanionut
ivanionut / isAjaxRequest.cfm
Last active August 29, 2015 14:16 — forked from JamoCA/isAjaxRequest.cfm
This ColdFusion UDF will query the server's request headers to determine if the request is an Ajax form post from jQuery. (jQuery adds a special header to all ajax requests.)
<cfscript>
function isAjaxRequestPost(){
    var headers = getHttpRequestData().headers;
    return CGI.Request_Method is "POST" and StructKeyExists(headers, "X-Requested-With") AND (headers["X-Requested-With"] EQ "XMLHttpRequest");
}
</cfscript>
<cfif not isAjaxRequestPost()>
<!--- log attempt, alert admin, etc --->
<cfheader statuscode="403" statustext="Forbidden">
@ivanionut
ivanionut / BlockedCookies.cfm
Last active August 29, 2015 14:16 — forked from JamoCA/BlockedCookies.cfm
Block access to ColdFusion web application based on bogus, pre-existing cookies that aren't used.
<cfscript>
BadCookieList = [
    "ASP.NET_SessionID",
    "ISFIRSTVISIT",
    "PHPSESSID",
    "REMEMBERCOUNTRY",
    "RESOURCEINFO",
    "SESSIONS",
    "SS_MID",
    "USERINFO",
@ivanionut
ivanionut / makeHoneyPotLink.cfm
Last active August 29, 2015 14:16 — forked from JamoCA/makeHoneyPotLink.cfm
ColdFusion UDF to generate randomized Honey Pot HTML Code. For use with ProjectHoneyPot.org. (NOTE: You can test this at CFLive.net)
@ivanionut
ivanionut / CSVtoQuery.cfm
Last active May 23, 2023 16:56 — forked from JamoCA/CSVtoQuery.cfm
Convert CSV File to ColdFusion Query Object using ColdFusion & opencsv (Java)
<!---
Convert CSV file to a ColdFusion query object using opencsv.
Requirements:
- ColdFusion 8+ ( http://en.wikipedia.org/wiki/Adobe_ColdFusion )
- opencsv - free parser library for Java ( http://opencsv.sourceforge.net/ )
http://opencsv.sourceforge.net/
opencsv supports all the basic csv-type things you're likely to want to do:
- Arbitrary numbers of values per line
- Ignoring commas in quoted elements
- Handling quoted entries with embedded carriage returns (ie entries that span multiple lines)
@ivanionut
ivanionut / ScopeInjectionProtection.cfm
Last active August 29, 2015 14:16 — forked from JamoCA/ScopeInjectionProtection.cfm
Sample ColdFusion 9+ script to prevent Fallback Scope Injection. URL & Form variables are universally accessible in the scope & used as fallback.
<!--- Sample ColdFusion 9+ script to prevent Fallback Scope Injection. URL & Form variables are universally accessible in the scope & used as fallback.
Based on insights provided by Peter Freitag's blog post http://www.petefreitag.com/item/834.cfm --->
<cfscript>
Scopes = "arguments,local,thread,variables,cgi,cookie,client,request,application,session,server,caller,thistag,this";
for (thisField in Form) {
    if (ListLen(thisField,".") GT 1 AND ListFindNocase(Scopes, trim(ListFirst(ThisField,".")))){
        StructDelete(Form, thisField);
        if (ListFindnocase(Form.Fieldnames, ThisField)){
            Form.Fieldnames = ListDeleteAt(Form.Fieldnames, ListFindnocase(Form.Fieldnames, ThisField));
        }
@ivanionut
ivanionut / sanitizeFileName.cfm
Last active August 29, 2015 14:19 — forked from JamoCA/sanitizeFileName.cfm
ColdFusion UDF to sanitize filename & remove illegal characters & symbols that are incompatible/invalid when used with different languages, OS and devices.
<cfscript>
/* 3/18/2015 sanitizeFileName()
Pass filename, list of options (optional), replacementCharacter (default="") */
function sanitizeFileName(s){
    var e = trim(listLast(trim(s), "."));
    var rules = "";
    var replacementCharacter = "";
    if(ArrayLen(Arguments) GTE 2) { rules = Arguments[2];}
    if(ArrayLen(Arguments) GTE 3 AND LEN(trim(Arguments[3]))) { replacementCharacter = Arguments[3];}
    s = trim(s);