Today is the day. Unless you can bet money that every cfquery in your application is completely safe from SQL injection attacks, you need to stop what you are doing and scan your sites. I have reviewed two cfqueryparam scanners to find vulnerable queries, and one of them will even fix 95% of your code for you! If your boss asks what you are doing, tell him you found a security vulnerability being exploited and it needs to be closed. He'll understand.

After you fix your code, please contact me and tell me the number of cfqueries you fixed. I will keep an anonymous running total of the good work we have accomplished.

I'm normally not into re-hosting downloads, but RIAForge seems to be down at this exact moment (1:26 CST) and I have a couple changes to one of the scanners to include .cfc files, so here you go:

I give an overview of them here:
http://www.codersrevolution.com/index.cfm/2008/7/24/Announcing-the-first-ever-International-Operation-cfSQLprotect
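
An added example, not one of the two scanners reviewed here and not the author's code: a Python check that flags `#...#` expressions placed directly in a cfquery body instead of inside a cfqueryparam tag, across .cfm and .cfc files. The regex heuristics, the function names and the sample template are assumptions made for this example.

```python
import re
from pathlib import Path

# A whole <cfquery ...>...</cfquery> block; \b keeps <cfqueryparam> from matching.
CFQUERY = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery>", re.I | re.S)
# CFML tags nested in the body (cfqueryparam, cfif, ...); their contents are not SQL text.
CFTAG = re.compile(r"</?cf\w+\b[^>]*>", re.I | re.S)
EXPR = re.compile(r"#([^#\r\n]+)#")  # a #...# expression interpolated into the SQL
NAME = re.compile(r"""\bname\s*=\s*["']?([\w.]+)""", re.I)

# Constructed sample template: one unparameterized query, one partly fixed query.
SAMPLE = '''<cfquery name="getUser" datasource="#application.dsn#">
    SELECT id, email FROM users
    WHERE id = #url.id#
</cfquery>
<cfquery name="getOrder" datasource="#application.dsn#">
    SELECT * FROM orders
    WHERE id = <cfqueryparam value="#url.orderId#" cfsqltype="cf_sql_integer">
    <cfif len(form.status)>AND status = '#form.status#'</cfif>
</cfquery>
'''

def scan_source(text):
    """Return (line, query name, expression) for each #...# outside cfqueryparam."""
    findings = []
    for q in CFQUERY.finditer(text):
        name = NAME.search(q.group(1))
        label = name.group(1) if name else "(unnamed)"
        body = q.group(2).replace("##", "  ")  # ## is an escaped literal #
        # Blank nested tags, keeping length and newlines so line numbers stay right.
        body = CFTAG.sub(lambda t: re.sub(r"[^\n]", " ", t.group(0)), body)
        for e in EXPR.finditer(body):
            line = text.count("\n", 0, q.start(2) + e.start()) + 1
            findings.append((line, label, e.group(1).strip()))
    return findings

def scan_tree(root):
    """Scan every .cfm and .cfc file under root; returns {path: findings}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".cfm", ".cfc"}:
            hits = scan_source(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    for line, query, expr in scan_source(SAMPLE):
        print(f"line {line}: cfquery '{query}' uses #{expr}# without cfqueryparam")
```

Review each finding by hand: expressions that supply table or column names cannot be bound with cfqueryparam and need allow-list validation instead.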