James Moberg JamoCA

@JamoCA
JamoCA / getFormFiles.cfm
Last active May 6, 2022
getFormFiles UDF: Return a struct with all form field & file data from a form post
View getFormFiles.cfm
<!--- 2022-05-05: getFormFiles UDF for Adobe ColdFusion and Lucee
Gist: https://gist.github.com/JamoCA/524b68b4fbbbf884da7f631e697defbd
Blog: https://dev.to/gamesover/identifying-random-uploaded-form-files-57n7
--->
<cfscript>
public struct function getFormFiles() output=false hint="I return a struct with all form field & file data from a form post" {
if (cgi.request_method neq "post") return {};
local.result = [:];
local.isLucee = server.ColdFusion.ProductName is "lucee";
@JamoCA
JamoCA / cflogin-demo.cfm
Last active Apr 14, 2022
Simple one-page ColdFusion CFLogin demo #cfml
View cflogin-demo.cfm
<!--- 20220414 Simple one-page ColdFusion CFLogin demo #cfml
Responding to https://tracker.adobe.com/#/view/CF-4213180
A CFLogin object with "name" & "password" doesn't exist, but ACF documentation references it.
CFLogin Documentation:
https://cfdocs.org/cflogin
https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-j-l/cflogin.html
https://docs.lucee.org/reference/tags/login.html
--->
@JamoCA
JamoCA / ConvertHEICtoJPG.cfm
Last active Mar 18, 2022
Convert HEIC to JPG (using ColdFusion & ImageMagick Mogrify) #cfml
View ConvertHEICtoJPG.cfm
<!--- 20200529 SunStar Media https://www.sunstarmedia.com/
https://gist.github.com/JamoCA/d52eb99b462e42866694975eb9af1396 --->
<cffunction name="convertHEIC" returntype="any" output="no" hint="Converts HEIC file to JPG">
<cfargument name="filepath" type="string" required="true">
<cfargument name="destination" type="string" default="jpg" required="true">
<cfargument name="delete" type="boolean" default="false" required="true">
<cfargument name="exePath" default="c:\cfusionextra\ImageMagick\mogrify.exe" type="string" required="false">
<cfargument name="useCfxExec" default="0" type="string" required="false">
<cfset var temp = ["raw":"", "success":false, "defaults":arguments]>
@JamoCA
JamoCA / makeQueryUDF.cfm
Created Mar 5, 2022
CF_MakeQuery (ported to a UDF)
View makeQueryUDF.cfm
<cfscript>
public query function makeQuery(string input="") output=false hint="I convert tab-delimited data to a basic query" {
local.strSetup = javacast("string", arguments.input).trim().replaceAll(chr(9), "|").replaceAll("(?m)^[\t ]+|[\t ]+$", "");
local.arrRows = listToArray(local.strSetup, "#chr(10)##chr(13)#");
local.qData = queryNew("");
if (arrayLen(local.arrRows)){
local.colHeaders = listToArray(local.arrRows[1], "|");
for ( local.thisCol in local.colHeaders ) {
queryAddColumn(local.qData, "#local.thisCol#", "CF_SQL_VARCHAR", arrayNew(1));
}
@JamoCA
JamoCA / Clear-CGI-Scope-CFML.cfm
Last active Feb 6, 2022
Test to see if the read-only ColdFusion CGI scope can be cleared by reference.
View Clear-CGI-Scope-CFML.cfm
<!--- 20220204
This is a test to see if the CGI scope can be cleared.
(I thought that the CGI scope was "read-only".)
Adobe ColdFusion allows it to be cleared by reference.
Lucee throws a "can't clear struct, struct is readonly" error.
GIST: https://gist.github.com/JamoCA/5ebc08505eeb3edfbd54ebdaadc11b8f
CFBUG: https://tracker.adobe.com/#/view/CF-4212734
THREAD: https://community.adobe.com/t5/coldfusion-discussions/cgi-scope-is-empty-with-coldfusion-2021-on-windows-2019/td-p/12634405
TRYCF: Unable to test on TryCF.com or CFFiddle as CGI scope is disabled.
NOTE: If you test this, you will need to restart the ColdFusion service or the CGI struct will continue to be
@JamoCA
JamoCA / java-string-hashcode.cfm
Created Feb 3, 2022
Sample CFML to hash a string into an integer using Java hashCode() in ColdFusion.
View java-string-hashcode.cfm
<!--- 20220203 string.hashCode() returns an integer.
GIST: https://gist.github.com/JamoCA/e94b1100932db2c02b18eb11afc56079
INFO: https://www.programiz.com/java-programming/library/string/hashcode
--->
<cfscript>
tests = [
"hello world"
,now()
,"abcdefghijklmnopqrstuvwxyz"
@JamoCA
JamoCA / GetAllColumnMaxValues.sql
Last active Jan 31, 2022
How to Find Max and Min Values for all the columns for all the tables in SQL Server Database
View GetAllColumnMaxValues.sql
-- 20220129 From TechBrothersIT https://www.techbrothersit.com/2016/03/how-to-find-max-and-min-values-for-all.html
USE [YourDBName];
DECLARE @DatabaseName VARCHAR(100)
DECLARE @SchemaName VARCHAR(100)
DECLARE @TableName VARCHAR(100)
DECLARE @ColumnName VARCHAR(100)
DECLARE @FullyQualifiedTableName VARCHAR(500)
DECLARE @DataType VARCHAR(50)
@JamoCA
JamoCA / structKeyExists-vs-keyExists.cfm
Last active Dec 31, 2021
Attempt to compare performance of ColdFusion StructKeyExists() versus keyExists() (cfml)
View structKeyExists-vs-keyExists.cfm
<!--- 20211230 https://gist.github.com/JamoCA/809c58aaff993cccd979c143f8de7698 --->
<h2>Attempt to compare performance of StructKeyExists() versus keyExists()</h2>
<cfscript>
request.nanoTime = createObject("java", "java.lang.System");
numeric function getNano() output=false hint="returns nano time (more accurate)" {
return request.nanoTime.nanoTime();
}
@JamoCA
JamoCA / log4j-exploit-detection.cfm
Last active Dec 29, 2021
Log4j Exploit Pattern Detection Using ColdFusion\CFML
View log4j-exploit-detection.cfm
<!--- getRequestAsText() and containsLog4jExploit() ColdFusion UDF proof-of-concept
2021-12-21
by James Moberg https://www.sunstarmedia.com/
https://gist.github.com/JamoCA/6a8c612645b1b7c47eba8e317ad51d23
Tested on CF2016+ and Lucee (using TryCF.com).
--->
<cfscript>
string function getRequestAsText() output=false hint="I return HTTP header, url and form data as text" {
var response = getHttpRequestData();
@JamoCA
JamoCA / web.config
Created Dec 14, 2021
IIS Rewrite rules to remove "server" and "x-powered-by" from response headers
View web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<rule name="Remove Server">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" />
</rule>
<rule name="Remove Powered-By">