The Feedback section is entered with an administration section and this is locked down with a username and password.
The feedback section is only a text field and the person using the site, let's say, is not clued in! Throughout the site I have a number of pages that are database driven and the customer feedback page is the only one that is being affected, as all the other queries are using CFQUERYPARAM for variables. They are amending the FEEDBACK field and entering a piece of JavaScript that redirects the user to a site that contains spyware and malware.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331932
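The message above describes a FEEDBACK field whose query is the only one on the site not using CFQUERYPARAM, and stored script that runs when the field is displayed. The following is an added example, not part of the original post, of the two fixes side by side: binding the field on write and encoding it on output. The table name `customer_feedback`, the column `feedback_id`, the form field names and `application.dsn` are assumptions.

```cfml
<!--- Added example. Table, column, form field and datasource names are assumed. --->

<!--- Pattern to replace: the value is concatenated into the SQL text,
      e.g. SET FEEDBACK = '#form.feedback#' --->

<cfparam name="form.feedback" default="">
<cfparam name="form.feedbackId" default="0">

<!--- Reject a non-numeric id before it reaches the database --->
<cfif NOT isValid("integer", form.feedbackId)>
    <cfthrow type="Validation" message="Invalid feedback id">
</cfif>

<!--- Write path: both values are bound, so the driver treats them as data only --->
<cfquery name="updateFeedback" datasource="#application.dsn#">
    UPDATE customer_feedback
    SET    FEEDBACK = <cfqueryparam value="#form.feedback#"
                                    cfsqltype="cf_sql_longvarchar">
    WHERE  feedback_id = <cfqueryparam value="#form.feedbackId#"
                                       cfsqltype="cf_sql_integer">
</cfquery>

<!--- Read path: rows already stored may still contain script markup --->
<cfquery name="getFeedback" datasource="#application.dsn#">
    SELECT FEEDBACK
    FROM   customer_feedback
    ORDER  BY feedback_id
</cfquery>

<!--- Encode on output so stored markup renders as text instead of executing.
      encodeForHTML() needs ColdFusion 10 or later; HTMLEditFormat() is the
      older equivalent on earlier versions. --->
<cfoutput query="getFeedback">
    <p>#encodeForHTML(getFeedback.FEEDBACK)#</p>
</cfoutput>
```

CFQUERYPARAM alone does not neutralise script that is already in the table, which is why the output encoding is applied as well.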

