Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

ScriptProtect error replacing insecure tag in the CGI scope.

  • 24-11-2008 2:07pm
    #1
    biko
    Registered Users, Registered Users 2 Posts: 81,220 ✭✭✭✭


    I get this sometimes in my server logs when I run penetration scans. It's to do with the scriptprotect in coldfusion but what stumps me is:
    Is this a normal log entry for when scriptprotect disallows a script or is this an error on SPs part?
    Tagged:


Comments

  • #2
    biko
    Registered Users, Registered Users 2 Posts: 81,220 ✭✭✭✭biko


    Can I get this moved to Tech > Security ?


  • #3
    biko
    Registered Users, Registered Users 2 Posts: 81,220 ✭✭✭✭biko


    Ok after coming across this again and looking into it further and testing on one of my own sites I can say:
    ScriptProtect error replacing insecure tag in the CGI scope means that ScriptProtect has failed to block the attack properly and for instance a popup or similar has been shown. SP is supposed to see the script tag and replace it with InvalidTag.

    I'm writing this as it seem no-one else has put up what the message actually means, even though in hindsight it seems pretty evident. Some even seem to suggest it means SP worked.

    To clarify: when running for instance index.cfm?action="><script>alert(document.domain)</script> I do get the popup and the SP error in the log.


Advertisement