Here is the method that is throwing the uncaught error: https://gist.github.com/anonymous/f6ea0c785e50f930deb1
It’s really just an abstraction of a <cfquery dbtype="query"> and nothing more. This is the query string that gets passed as the queryCondition argument (or something along these lines, there were 200+ instances of this particular SQL injection event).

id=44186160399999%22%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,%27ololo%27,0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%201))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%20--%20%22x%22=%22x

As far as the rest of the error dump goes, it’s just stack trace information. There is no additional information available that makes anything any clearer. The error is thrown in the above method. As you can see, there is no try/catch in that method so the wrapping try/catch statement should have caught anything coming from it.

Thank you,

Troy Jones
Technical Manager
Third Wave Digital
1841 Hardeman Ave.
Macon, GA 31201
[email protected]
www.thirdwavedigital.com

From: [email protected] On Behalf Of Cameron Childress
Sent: Wednesday, August 06, 2014 12:24 PM
To: [email protected]
Subject: Re: [ACFUG Discuss] Issue with cftry and Query of Queries

On Wed, Aug 6, 2014 at 12:17 PM, troy <[email protected]> wrote:

> Here is the current code snip:

Okay, still not all the code.

> This is the error that was reported:

Not the entire error.

> But my real question is why the error escaped the try/catch block at all. <cfcatch type="any"> should have caught anything regardless of whether the error originated in the contained logic block or some other method called by it, yes?

As I said, there could be other catch blocks in the other libraries. *That* catch would trap the error and prevent *your* catch from catching it.

But answering this question really requires the rest of the code and full error. If anyone sees something else, perhaps they will speak up.

-Cameron

--
Cameron Childress
--
p: 678.637.5072
im: cameroncf
facebook <http://www.facebook.com/cameroncf> | twitter <http://twitter.com/cameronc> | google+ <https://profiles.google.com/u/0/117829379451708140985>
