What is it that you are thinking would have made 7.01 not vulnerable? Seems more like the JS filter code they (MySpace) wrote was the problem, more specifically not "properly" filtering out his JavaScript injection in the malformed way he wrote it. Also with the browser for executing this malformed JavaScript. I cannot think of anything in 7.01 that could have stopped this, but then again, I am still on 6.x.

On 10/14/05, Larry C. Lyons <[EMAIL PROTECTED]> wrote:
> interesting small hack. I wonder if it would have worked if they used CFMX
> 7.01.
>
> larry
>
> On 10/14/05, Kevin Graeme <[EMAIL PROTECTED]> wrote:
> > http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391
