Well, I finally got hacked. This is a first for me, and proves that my Linux skills are just not quite as up there as my Windows admin skills. And what was the vector? The lack of queryparams inside CFshopkart. The only upside is that there were no transactions inside the cart, and no sensitive data to steal. But the defacement did muck about with several system files. Bah.
My site being hacked using same hole in cart. Thankfully, I've closed all those holes with cfqueryparams. Our servers were already hardened. They only got to the one page that was not write protected on the site.