Skip to content

Instantly share code, notes, and snippets.


James Moberg JamoCA

View GitHub Profile
JamoCA / getFormFiles.cfm
Last active May 6, 2022
getFormFiles UDF: Return a struct with all form field & file data from a form post
View getFormFiles.cfm
<!--- 2022-05-05: getFormFiles UDF for Adobe ColdFusion and Lucee
public struct function getFormFiles() output=false hint="I return a struct with all form field & file data from a form post" {
if (cgi.request_method neq "post") return {};
local.result = [:];
local.isLucee = server.ColdFusion.ProductName is "lucee";
JamoCA / cflogin-demo.cfm
Last active Apr 14, 2022
Simple one-page ColdFusion CFLogin demo #cfml
View cflogin-demo.cfm
<!--- 20220414 Simple one-page ColdFusion CFLogin demo #cfml
Responding to
A CFLogin object with "name" & "password" doesn't exist, but ACF documentation references it.
CFLogin Documentation:
JamoCA / ConvertHEICtoJPG.cfm
Last active Mar 18, 2022
Convert HEIC to JPG (using ColdFusion & ImageMagick Mogrify) #cfml
View ConvertHEICtoJPG.cfm
<!--- 20200529 SunStar Media --->
<cffunction name="convertHEIC" returntype="any" output="no" hint="Converts HEIC file to JPG">
<cfargument name="filepath" type="string" required="true">
<cfargument name="destination" type="string" default="jpg" required="true">
<cfargument name="delete" type="boolean" default="false" required="true">
<cfargument name="exePath" default="c:\cfusionextra\ImageMagick\mogrify.exe" type="string" required="false">
<cfargument name="useCfxExec" default="0" type="string" required="false">
<cfset var temp = ["raw":"", "success":false, "defaults":arguments]>
JamoCA / makeQueryUDF.cfm
Created Mar 5, 2022
CF_MakeQuery (ported to a UDF)
View makeQueryUDF.cfm
public query function makeQuery(string input="") output=false hint="I convert tab-delimited data to a basic query" {
local.strSetup = javacast("string", arguments.input).trim().replaceAll(chr(9), "|").replaceAll("(?m)^[\t ]+|[\t ]+$", "");
local.arrRows = listToArray(local.strSetup, "#chr(10)##chr(13)#");
local.qData = queryNew("");
if (arrayLen(local.arrRows)){
local.colHeaders = listToArray(local.arrRows[1], "|");
for ( local.thisCol in local.colHeaders ) {
queryAddColumn(local.qData, "#local.thisCol#", "CF_SQL_VARCHAR", arrayNew(1));
JamoCA / Clear-CGI-Scope-CFML.cfm
Last active Feb 6, 2022
Test to see if the read-only ColdFusion CGI scope can be cleared be reference.
View Clear-CGI-Scope-CFML.cfm
<!--- 20220204
This is a test to see if the CGI scope can be cleared.
(I thought that the CGI scope was "read-only".)
Adobe ColdFusion allows it to be cleared by reference.
Lucee throws a "can't clear struct, struct is readonly" error.
TRYCF: Unable to test on or CFFiddle as CGI scope is disabled.
NOTE: If you test this, you will need to restart the ColdFusion service or the CGI struct will continue to be
JamoCA / java-string-hashcode.cfm
Created Feb 3, 2022
Sample CFML to hash a string into an integer using java hashCode() using ColdFusion.
View java-string-hashcode.cfm
<!--- 20220203 string.hashCode() returns an integer.
tests = [
"hello world"
JamoCA / GetAllColumnMaxValues.sql
Last active Jan 31, 2022
How to Find Max and Min Values for all the columns for all the tables in SQL Server Database
View GetAllColumnMaxValues.sql
-- 20220129 From TechBrothersIT
USE [YourDBName];
DECLARE @DatabaseName VARCHAR(100)
DECLARE @SchemaName VARCHAR(100)
DECLARE @ColumnName VARCHAR(100)
DECLARE @FullyQualifiedTableName VARCHAR(500)
JamoCA / structKeyExists-vs-keyExists.cfm
Last active Dec 31, 2021
Attempt to compare performance of ColdFusion StructKeyExists() versus keyExists() (cfml)
View structKeyExists-vs-keyExists.cfm
<!--- 20211230 --->
<h2>Attempt to compare performance of StructKeyExists() versus keyExists()</h2>
request.nanoTime = createObject("java", "java.lang.System");
numeric function getNano() output=false hint="returns nano time (more accurate)" {
return request.nanoTime.nanoTime();
JamoCA / log4j-exploit-detection.cfm
Last active Dec 29, 2021
Log4j Exploit Pattern Detection Using ColdFusion\CFML
View log4j-exploit-detection.cfm
<!--- getRequestAsText() and containsLog4jExploit() ColdFusion UDF proof-of-concept
by James Moberg
Tested on CF2016+ and Lucee (using
string function getRequestAsText() output=false hint="I return HTTP header, url and form data as text" {
var response = getHttpRequestData();
JamoCA / web.config
Created Dec 14, 2021
IIS Rewrite rules to remove "server" and "x-powered-by" from response headers
View web.config
<?xml version="1.0" encoding="UTF-8"?>
<rule name="Remove Server">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" />
<rule name="Remove Powered-By">