> I think it sounds like one developer was trying to destroy your search
> ranking by giving googlebot to an obvious spam page. (don't they know
> about robots.txt?) Too bad for you guys, google now makes a web browser,
> and thus your problem. No standard exploit will inject CFML into a page
> unless you're dynamically generating cfm files, then maybe it was a cheap
> XSS hack that found its way into a really lucky spot - that still doesn't
> explain why the XSS would be written in CFML. Just take out the evil code,
> apologize for all of your previous developers and move on.

There are all kinds of exploits that will allow you to write to the filesystem - and that's all that needs to happen for something like this to work. SQL injection attacks, file uploads allowed in web-accessible directories, web server vulnerabilities (which are pretty rare nowadays, fortunately), vulnerabilities through other services (FTP, WebDAV).

XSS vulnerabilities cannot rewrite server-side code unless the vulnerability is executed through a page that normally writes said server-side code.

I would bet against this having to do with any developer who had legitimate access to the server, for a wide variety of reasons.

Having a robots.txt file would not have any effect on this.

I'm not sure what Chrome has to do with this. Perhaps I'm misunderstanding what you're getting at.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353152
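
Since any filesystem write is enough to plant such code, cleanup means checking the CFML files on disk rather than assuming a single entry point. The following Python sweep is an added example, not part of the original message: it flags CFML files that branch on a crawler user agent, and its regex heuristics, crawler list and sample files are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristics (not from the thread): injected cloaking code branches on
# the crawler's user agent and then pulls in, emits or redirects to other content.
UA_CHECK = re.compile(r"cgi\.http_user_agent", re.I)
CRAWLER = re.compile(r"googlebot|bingbot|slurp", re.I)
PAYLOAD = re.compile(r"<cfhttp\b|<cfinclude\b|<cflocation\b|<cfcontent\b", re.I)
CFML_EXT = {".cfm", ".cfc", ".cfml"}

def scan_webroot(root):
    """Return [(relative_path, reasons)] for CFML files that look cloaked."""
    findings = []
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in CFML_EXT:
            continue
        text = path.read_text(errors="replace")
        reasons = []
        if UA_CHECK.search(text) and CRAWLER.search(text):
            reasons.append("branches on crawler user agent")
            if PAYLOAD.search(text):
                reasons.append("fetches, includes or redirects in the same file")
        if reasons:
            findings.append((path.relative_to(root).as_posix(), reasons))
    return findings

def build_sample_webroot(root):
    """Constructed sample files: one clean template, one with injected cloaking."""
    root = Path(root)
    (root / "index.cfm").write_text("<cfoutput>#now()#</cfoutput>\n")
    (root / "news.cfm").write_text(
        '<cfif findNoCase("googlebot", cgi.http_user_agent)>\n'
        '  <cfinclude template="cache/x.cfm">\n'
        "</cfif>\n<h1>News</h1>\n"
    )
    # Non-CFML file with the same strings: must not be reported.
    (root / "notes.txt").write_text("googlebot cgi.http_user_agent\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for rel, reasons in scan_webroot(tmp):
            print(rel, "->", "; ".join(reasons))
```

A hit is a lead for manual review, not proof of compromise; comparing flagged files against a known-good copy from source control settles it.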

