ColdFusion SQL Injection
It seems a lot of ColdFusion sites out there are getting hit by an automated SQL injection attack, which adds a “<script>” tag to varchar fields using a bit of SQL Server T-SQL.
Many years ago, I wrote a script that would find and automatically <cfqueryparam> queries (which has been at Daryl’s ColdFusion Primer. I’ve dug [...]
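
A small scanner in the spirit of the script mentioned above, added here as an example (it is not the author's script): it flags every `#expression#` interpolated into a `<cfquery>` body outside a `<cfqueryparam>` tag. The sample CFML, its variable names and the function name `find_unbound` are constructed for illustration.

```python
import re

# Each <cfquery ...> ... </cfquery> block; \b keeps <cfqueryparam> from matching.
CFQUERY_RE = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
# A <cfqueryparam ...> tag: any #var# inside it is already a bound parameter.
CFQUERYPARAM_RE = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
# A ColdFusion #expression# interpolated directly into the SQL text.
HASH_EXPR_RE = re.compile(r"#([^#\r\n]+)#")

def find_unbound(source):
    """Return (line, expression) for each #expr# in a cfquery body
    that is not wrapped in a cfqueryparam tag."""
    findings = []
    for block in CFQUERY_RE.finditer(source):
        body = block.group(1)
        # Mask bound parameters and escaped hashes ("##") with padding of the
        # same length, so match offsets still map back to the source text.
        masked = CFQUERYPARAM_RE.sub(lambda m: " " * len(m.group(0)), body)
        masked = masked.replace("##", "  ")
        for expr in HASH_EXPR_RE.finditer(masked):
            offset = block.start(1) + expr.start()
            line = source.count("\n", 0, offset) + 1
            findings.append((line, expr.group(1).strip()))
    return findings

# Constructed sample template: one bound parameter, two unbound interpolations.
SAMPLE = '''<cfquery name="getUser" datasource="#application.dsn#">
    SELECT id, name
    FROM users
    WHERE id = #url.id#
      AND status = <cfqueryparam value="#form.status#" cfsqltype="cf_sql_varchar">
</cfquery>
<cfquery name="getNews" datasource="#application.dsn#">
    SELECT title FROM news
    WHERE category = '#form.category#'
</cfquery>
'''

if __name__ == "__main__":
    for line, expr in find_unbound(SAMPLE):
        print(f"line {line}: #{expr}# is interpolated without cfqueryparam")
```

Each hit still needs review by hand: an interpolated table or column name cannot be bound with `<cfqueryparam>` and has to be checked against an allowlist instead.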
