Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

ScriptProtect error replacing insecure tag in the CGI scope.

  • 24-11-2008 02:07PM
    #1
    biko
    Registered Users, Registered Users 2 Posts: 81,060 ✭✭✭✭


    I get this sometimes in my server logs when I run penetration scans. It's to do with the scriptprotect in coldfusion but what stumps me is:
    Is this a normal log entry for when scriptprotect disallows a script or is this an error on SPs part?
    Tagged:


Comments

  • #2
    biko
    Registered Users, Registered Users 2 Posts: 81,060 ✭✭✭✭biko


    Can I get this moved to Tech > Security ?


  • #3
    biko
    Registered Users, Registered Users 2 Posts: 81,060 ✭✭✭✭biko


    Ok after coming across this again and looking into it further and testing on one of my own sites I can say:
    ScriptProtect error replacing insecure tag in the CGI scope means that ScriptProtect has failed to block the attack properly and for instance a popup or similar has been shown. SP is supposed to see the script tag and replace it with InvalidTag.

    I'm writing this as it seem no-one else has put up what the message actually means, even though in hindsight it seems pretty evident. Some even seem to suggest it means SP worked.

    To clarify: when running for instance index.cfm?action="><script>alert(document.domain)</script> I do get the popup and the SP error in the log.


Advertisement