Claude,

The idea that there's no visible indication in the "view source" makes me consider that as well - but why would it just appear on a login page for the cfadmin? Perhaps it looks for specific form field names and throws up the "java out of date" message to prey on fears of folks logging in to various things...
-Mark

-----Original Message-----
From: Claude Schnéegans <schneeg...@internetique.com>
Sent: Wednesday, November 12, 2014 1:40 PM
To: cf-talk
Subject: Re: FW: CF9.02 administrator hack

>>There's no reason that content can't be injected at serve time.

In this case, there would be a difference in the files delivered to the visitor.
IMO the hack is in the browser, not on the server.