James Moberg JamoCA

## getFormFiles.cfm
<!--- 2022-05-05:  getFormFiles UDF for Adobe ColdFusion and Lucee
Gist: https://gist.github.com/JamoCA/524b68b4fbbbf884da7f631e697defbd
Blog: https://dev.to/gamesover/identifying-random-uploaded-form-files-57n7
--->

<cfscript>
public struct function getFormFiles() output=false hint="I return a struct with all form field & file data from a form post" {
	if (cgi.request_method neq "post") return {};
	local.result = [:];
	local.isLucee = server.ColdFusion.ProductName is "lucee";

## cflogin-demo.cfm
<!---  20220414 Simple one-page ColdFusion CFLogin demo #cfml
       Responding to https://tracker.adobe.com/#/view/CF-4213180
       A CFLogin object with "name" & "password" doesn't exist, but ACF documentation references it.

  CFLogin Documentation:
  https://cfdocs.org/cflogin
  https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-j-l/cflogin.html
  https://docs.lucee.org/reference/tags/login.html
--->

## ConvertHEICtoJPG.cfm
<!--- 20200529 SunStar Media https://www.sunstarmedia.com/
      https://gist.github.com/JamoCA/d52eb99b462e42866694975eb9af1396 --->

<cffunction name="convertHEIC" returntype="any" output="no" hint="Converts HEIC file to JPG">
	<cfargument name="filepath" type="string" required="true">
	<cfargument name="destination" type="string" default="jpg" required="true">
	<cfargument name="delete" type="boolean" default="false" required="true">
	<cfargument name="exePath" default="c:\cfusionextra\ImageMagick\mogrify.exe" type="string" required="false">
	<cfargument name="useCfxExec" default="0" type="string" required="false">
	<cfset var temp = ["raw":"", "success":false, "defaults":arguments]>

## makeQueryUDF.cfm
<cfscript>
public query function makeQuery(string input="") output=false hint="I convert tab-delimited data to a basic query" {
	local.strSetup = javacast("string", arguments.input).trim().replaceAll(chr(9), "|").replaceAll("(?m)^[\t ]+|[\t ]+$", "");
	local.arrRows = listToArray(local.strSetup, "#chr(10)##chr(13)#");
	local.qData = queryNew("");
	if (arrayLen(local.arrRows)){
		local.colHeaders = listToArray(local.arrRows[1], "|");
		for ( local.thisCol in local.colHeaders ) {
			queryAddColumn(local.qData, "#local.thisCol#", "CF_SQL_VARCHAR", arrayNew(1));
		}

## Clear-CGI-Scope-CFML.cfm
<!--- 20220204
This is a test to see if the CGI scope can be cleared.
(I thought that the CGI scope was "read-only".)
Adobe ColdFusion allows it to be cleared by reference.
Lucee throws a "can't clear struct, struct is readonly" error.
GIST: https://gist.github.com/JamoCA/5ebc08505eeb3edfbd54ebdaadc11b8f
CFBUG: https://tracker.adobe.com/#/view/CF-4212734
THREAD: https://community.adobe.com/t5/coldfusion-discussions/cgi-scope-is-empty-with-coldfusion-2021-on-windows-2019/td-p/12634405
TRYCF: Unable to test on TryCF.com or CFFiddle as CGI scope is disabled.
NOTE: If you test this, you will need to restart the ColdFusion service or the CGI struct will continue to be

## java-string-hashcode.cfm
<!--- 20220203 string.hashCode() returns an integer.
  GIST: https://gist.github.com/JamoCA/e94b1100932db2c02b18eb11afc56079
  INFO: https://www.programiz.com/java-programming/library/string/hashcode
--->

<cfscript>
tests = [
	"hello world"
	,now()
	,"abcdefghijklmnopqrstuvwxyz"

## GetAllColumnMaxValues.sql
-- 20220129 From TechBrothersIT https://www.techbrothersit.com/2016/03/how-to-find-max-and-min-values-for-all.html

USE [YourDBName];

DECLARE @DatabaseName VARCHAR(100)
DECLARE @SchemaName VARCHAR(100)
DECLARE @TableName VARCHAR(100)
DECLARE @ColumnName VARCHAR(100)
DECLARE @FullyQualifiedTableName VARCHAR(500)
DECLARE @DataType VARCHAR(50)

## structKeyExists-vs-keyExists.cfm
<!--- 20211230 https://gist.github.com/JamoCA/809c58aaff993cccd979c143f8de7698 --->
<h2>Attempt to compare performance of StructKeyExists() versus keyExists()</h2>
<cfscript>

request.nanoTime = createObject("java", "java.lang.System");

numeric function getNano() output=false hint="returns nano time (more accurate)" {
	return request.nanoTime.nanoTime();
}

## log4j-exploit-detection.cfm
<!--- getRequestAsText() and containsLog4jExploit() ColdFusion UDF proof-of-concept
      2021-12-21
      by James Moberg https://www.sunstarmedia.com/
      https://gist.github.com/JamoCA/6a8c612645b1b7c47eba8e317ad51d23
      Tested on CF2016+ and Lucee (using TryCF.com).
--->

<cfscript>
string function getRequestAsText() output=false hint="I return HTTP header, url and form data as text" {
	var response = getHttpRequestData();

## web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
	<system.webServer>
		<rewrite>
			<outboundRules>
				<rule name="Remove Server">
					<match serverVariable="RESPONSE_Server" pattern=".+" />
					<action type="Rewrite" />
				</rule>
				<rule name="Remove Powered-By">
	<!--- 2022-05-05: getFormFiles UDF for Adobe ColdFusion and Lucee
	Gist: https://gist.github.com/JamoCA/524b68b4fbbbf884da7f631e697defbd
	Blog: https://dev.to/gamesover/identifying-random-uploaded-form-files-57n7
	--->

	<cfscript>
	public struct function getFormFiles() output=false hint="I return a struct with all form field & file data from a form post" {
	if (cgi.request_method neq "post") return {};
	local.result = [:];
	local.isLucee = server.ColdFusion.ProductName is "lucee";
	<!--- 20220414 Simple one-page ColdFusion CFLogin demo #cfml
	Responding to https://tracker.adobe.com/#/view/CF-4213180
	A CFLogin object with "name" & "password" doesn't exist, but ACF documentation references it.

	CFLogin Documentation:
	https://cfdocs.org/cflogin
	https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-j-l/cflogin.html
	https://docs.lucee.org/reference/tags/login.html
	--->
	<!--- 20200529 SunStar Media https://www.sunstarmedia.com/
	https://gist.github.com/JamoCA/d52eb99b462e42866694975eb9af1396 --->

	<cffunction name="convertHEIC" returntype="any" output="no" hint="Converts HEIC file to JPG">
	<cfargument name="filepath" type="string" required="true">
	<cfargument name="destination" type="string" default="jpg" required="true">
	<cfargument name="delete" type="boolean" default="false" required="true">
	<cfargument name="exePath" default="c:\cfusionextra\ImageMagick\mogrify.exe" type="string" required="false">
	<cfargument name="useCfxExec" default="0" type="string" required="false">
	<cfset var temp = ["raw":"", "success":false, "defaults":arguments]>
	<cfscript>
	public query function makeQuery(string input="") output=false hint="I convert tab-delimited data to a basic query" {
	local.strSetup = javacast("string", arguments.input).trim().replaceAll(chr(9), "\|").replaceAll("(?m)^[\t ]+\|[\t ]+$", "");
	local.arrRows = listToArray(local.strSetup, "#chr(10)##chr(13)#");
	local.qData = queryNew("");
	if (arrayLen(local.arrRows)){
	local.colHeaders = listToArray(local.arrRows[1], "\|");
	for ( local.thisCol in local.colHeaders ) {
	queryAddColumn(local.qData, "#local.thisCol#", "CF_SQL_VARCHAR", arrayNew(1));
	}
	<!--- 20220204
	This is a test to see if the CGI scope can be cleared.
	(I thought that the CGI scope was "read-only".)
	Adobe ColdFusion allows it to be cleared by reference.
	Lucee throws a "can't clear struct, struct is readonly" error.
	GIST: https://gist.github.com/JamoCA/5ebc08505eeb3edfbd54ebdaadc11b8f
	CFBUG: https://tracker.adobe.com/#/view/CF-4212734
	THREAD: https://community.adobe.com/t5/coldfusion-discussions/cgi-scope-is-empty-with-coldfusion-2021-on-windows-2019/td-p/12634405
	TRYCF: Unable to test on TryCF.com or CFFiddle as CGI scope is disabled.
	NOTE: If you test this, you will need to restart the ColdFusion service or the CGI struct will continue to be
	<!--- 20220203 string.hashCode() returns an integer.
	GIST: https://gist.github.com/JamoCA/e94b1100932db2c02b18eb11afc56079
	INFO: https://www.programiz.com/java-programming/library/string/hashcode
	--->

	<cfscript>
	tests = [
	"hello world"
	,now()
	,"abcdefghijklmnopqrstuvwxyz"
	-- 20220129 From TechBrothersIT https://www.techbrothersit.com/2016/03/how-to-find-max-and-min-values-for-all.html

	USE [YourDBName];

	DECLARE @DatabaseName VARCHAR(100)
	DECLARE @SchemaName VARCHAR(100)
	DECLARE @TableName VARCHAR(100)
	DECLARE @ColumnName VARCHAR(100)
	DECLARE @FullyQualifiedTableName VARCHAR(500)
	DECLARE @DataType VARCHAR(50)
	<!--- 20211230 https://gist.github.com/JamoCA/809c58aaff993cccd979c143f8de7698 --->
	<h2>Attempt to compare performance of StructKeyExists() versus keyExists()</h2>
	<cfscript>

	request.nanoTime = createObject("java", "java.lang.System");

	numeric function getNano() output=false hint="returns nano time (more accurate)" {
	return request.nanoTime.nanoTime();
	}
	<!--- getRequestAsText() and containsLog4jExploit() ColdFusion UDF proof-of-concept
	2021-12-21
	by James Moberg https://www.sunstarmedia.com/
	https://gist.github.com/JamoCA/6a8c612645b1b7c47eba8e317ad51d23
	Tested on CF2016+ and Lucee (using TryCF.com).
	--->

	<cfscript>
	string function getRequestAsText() output=false hint="I return HTTP header, url and form data as text" {
	var response = getHttpRequestData();
	<?xml version="1.0" encoding="UTF-8"?>
	<configuration>
	<system.webServer>
	<rewrite>
	<outboundRules>
	<rule name="Remove Server">
	<match serverVariable="RESPONSE_Server" pattern=".+" />
	<action type="Rewrite" />
	</rule>
	<rule name="Remove Powered-By">