Tom or Andy, Fill me in on this a little more. If I'm a hacker posting to a blog or guestbook, what advantage is there to not waiting for the POST request to return and googling for my text later? I'm trying to think of a scenario where this would save time rather than waste time.
-Mark -----Original Message----- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, August 11, 2006 8:10 AM To: CF-Talk Subject: RE: OT - "Nice site I will recommend you to all my friends." Ah...I gotcha. So they Google for the unique text they posted (on your site) and if they find it, they know that form is vulnerable? Not only are they sneaky bastards, but they're lazy as well? <!----------------//------ andy matthews web developer certified advanced coldfusion programmer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --------------//---------> -----Original Message----- From: Bobby Hartsfield [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 4:55 PM To: CF-Talk Subject: RE: OT - "Nice site I will recommend you to all my friends." Once they've ran it for a while, they'll give it a week or so and search Google for the text. If they find it, that means their method of posting it worked and the site is exactly what they are looking for. (vulnerable) ....:.:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com -----Original Message----- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 10:44 AM To: CF-Talk Subject: RE: OT - "Nice site I will recommend you to all my friends." What would they be waiting for? <!----------------//------ andy matthews web developer certified advanced coldfusion programmer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --------------//---------> -----Original Message----- From: Tom Chiverton [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 9:30 AM To: CF-Talk Subject: Re: OT - "Nice site I will recommend you to all my friends." On Thursday 10 August 2006 14:52, Les Mizzell wrote: > "Nice site I will recommend you to all my friends." <guess> It's a test to find vulnerable sites without bothering to wait for a POST of a form to come back - just submit the request and check back at some future point. -- Tom Chiverton ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:249553 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
