CFM script injection hack...

Similar Messages

• Script injection in SharePoint OOB List forms

  In SharePoint 2010 Out of box list forms Text Boxes,how can we prevent script injections?
  Thank you.

  Hello,
  >i am able to enter script into the title and description fields.
  I don't think you can stop this. You might also want to look at below MSDN for SP security.
  http://msdn.microsoft.com/en-us/library/ee696753.aspx
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help

• Dashboard image link with repository variable "script injection" warning.

  Hello,
  in order to make the migration easier we want to parameterize the URLs so they are centrally managed in the repository and not on every single dashboard page.
  Since I figured out the following works for a dashboard text item:
  '@{biServer.variables['NQ_SESSION.ROLES']}' 
  I just placed the same in the URL textbox for the image link
  '@{biServer.variables['NQ_SESSION.MYURLCONSTANT']}' 
  Then I get a "script injection" popup warning. Has anyone seen that before?
  The same happens when I try VALUEOF(NQ_SESSION.MYURLCONSTANT)
  I did not find anything by googling.
  How else to parameterize the URL´s?
  thanks

  I don't get any unresponsive script. It's best that the consumer contacts us as each case is different.
  Some things you can suggest:
  *Update to the latest version of Adobe Flash <br>
  *Clear cache and cookies <br>

• Script injection on .cfm pages

  I need help. For the second time in three months every single .cfm page has a malicous cross-site script appended to the orginal code. It looks something like this:
  I'm having a really hard time trying to figure out where this might be coming from, or where the vulnerability is. Has anyone been affected by the same scripting attack? I'm running a windows 2003 server, fusebox 4.0 framework on MS SQL database. Thanks for any help or any leds that might help solve this problem!

  This problem is necessarily caused by modification of the server-side script files.  Therefore, it is necessary that the server must have been compromised.  On a shared server, this is "more or less to be expected," since hundreds if not thousands of people other than yourself have accounts on the same server(s).  However, there is a lot that you can do to preven it:  it only takes a couple of extra steps.
  Always use sftp (secure FTP) to transfer files and to establish host sessions.  Many hosting companies allow you to disable non-secure FTP, and you should do so.
  Protect your username/password as robustly as you can.  "password1234" is an extremely common password, as is "password." 
  After transferring files to your computer, use chown (Unix), cacls (Windows), or its equivalent to secure the files against anyone, including yourself.  (You can always countermand your directives later, the next time you're ready to update the site.)  This will at-least require the intruder to have compromised your account, not someone else's.
  In that same vein, don't forget to secure all of the parent directories!  "It'll do no damn good at all" if the intruder can replace your carefully-secured directory, in its entirety, with an altered one!
  Make backups!
  If your site permits any sort of user-contributed content to be provided, make absolutely sure it is well-filtered.
  "Think like a pirate."  ("RRRRRrrrrrrrr!!")  Web-site compromises are always "crimes of opportunity."  Many a cat-burglar has made a good living by trying each door in a neighborhood while carrying a pizza box.

• SQL injection hacking

  Hello all,
  Someone is telling me that a site of mine is vulnerable to a
  hacking
  technique called "SQL injection". They cited a URL such as
  http://www.mydomain.com/gallery.cfm?VarCatID=29
  as an example.
  I Googled SQL injection, and found a lot of information,
  which I'm in the
  midst of reading.
  What I really want to know is, how serious a risk is this?
  Should I be
  taking action, and if so, what?
  Aren't there millions of sites that use that type of URL
  string?? Are they
  all unsafe too?
  Patty Ayers | www.WebDevBiz.com
  Free Articles on the Business of Web Development
  Web Design Contract, Estimate Request Form, Estimate
  Worksheet

  Thank you, Tom!
  Patty Ayers | www.WebDevBiz.com
  Free Articles on the Business of Web Development
  Web Design Contract, Estimate Request Form, Estimate
  Worksheet
  "Tom Muck" <[email protected]> wrote in
  message
  news:ecuu0f$dbn$[email protected]..
  > If you are passing an integer on a querystring, make
  sure you validate
  > that an integer is being passed, either by using a
  cfparm, cfqueryparam,
  > or by using the val() function on the passed querystring
  variable:
  >
  > <cfquery name="blah" datasource="#mydsn#">
  > SELECT * FROM mytable WHERE catid =
  > <cfqueryparam cfsqltype="cf_sql_integer"
  value="#url.VarCatID#">
  > </cfquery>
  >
  > The DW 8.0.2 update changed the way that DW does this so
  injection is no
  > longer a concern.
  >
  > --
  > --
  > Tom Muck
  > co-author Dreamweaver MX 2004: The Complete Reference
  >
  http://www.tom-muck.com/
  >
  > Cartweaver Development Team
  >
  http://www.cartweaver.com
  >
  > Extending Knowledge Daily
  >
  http://www.communitymx.com/
  >
  >
  > "P@tty Ayers"
  <[email protected]> wrote in message
  > news:ecut8j$cg6$[email protected]..
  >> Hello all,
  >>
  >> Someone is telling me that a site of mine is
  vulnerable to a hacking
  >> technique called "SQL injection". They cited a URL
  such as
  >>
  http://www.mydomain.com/gallery.cfm?VarCatID=29
  as an example.
  >>
  >> I Googled SQL injection, and found a lot of
  information, which I'm in the
  >> midst of reading.
  >>
  >> What I really want to know is, how serious a risk is
  this? Should I be
  >> taking action, and if so, what?
  >>
  >> Aren't there millions of sites that use that type of
  URL string?? Are
  >> they all unsafe too?
  >>
  >>
  >> --
  >> Patty Ayers | www.WebDevBiz.com
  >> Free Articles on the Business of Web Development
  >> Web Design Contract, Estimate Request Form, Estimate
  Worksheet
  >> --
  >>
  >>
  >>
  >>
  >
  >

• SQL injection hacks

  Hi,
  i am a bit disappointed by the ability of cisco IPS to block sql injections, even with the new added generic sql injection signatures not long ago, still websites hosted with us are being hacked.
  i know its vulnerabilities in the sites, but the command update is a lot used to hack sites, i have created a custom signature that catches "update" in small and caps, but i was surprised yesterday that the hacker used "u%pdate" and it bypassed the sensor !!
  any thoughts on the subject
  thanks

  Interesting. I'm so not a SQL expert, but I don't see how "u%pdate" is valid SQL. Why would the database interpret "u%pdate" as valid SQL? Is the application cleaning up the input before passing to the db?
  IMHO, if your customers have vulnerable apps, then they need to fix them. A network based IDS simply isn't going to be the best at detecting every possible variation of injection (or anything else imo, but that's a whole different soap box). It just doesn't have the required context. Throw TLS into the mix, and most of the time coverage drops to zero.

• Unable to disable CSM script injection

  Good morning,
  We activated CSM for some of the servers.  We identified a problem with it (the injected script) and disabled it.  The server have received their updated configuration from SCOM, but we still see the CSM script being injected. 
  How can we troubleshoot this?  Which component does the actual injection?
  Thanks,
  Peter

  Hi Peter,
  Most likely the configuration wasn't properly updated yet or the changes wasn't applied..
  Let's check this out step by step:
  1. Uncheck client-side monitoring checkbox for appropriate application. You should also verify the target groups consistent (make sure you disable client-side monitoring for proper servers) for client-side monitoring if you specified any.
  2. Restart System Center Management service on all application servers where you want to change the configuration. The restart will initialize application discovery and therefore the configuration changes. Be patient - it takes time to upload actual configuration,
  and even it might be uploaded only after several service restarts. I guess this is your case.
  3. Anyway I'll give you a tip how to check that the new configuration is in place. On application server go to APM Agent configuration folder (<SCOM Agent installation path>\APMDOTNETAgent\V7.0.9538.0\Configuration) and open CSM.action.config.
  Search for the app name previously added to client-side monitoring.
  4. If it's still there, repeat steps 2 and 3. Once the app disappears from config, execute IISRESET to apply changes. I usually do this twice for sure (I saw sometimes not all the IIS services may be restarted just at once). This time the CSM injection
  should go away.
  The injection is performed by java scripts downloaded from CSMCollector path, web service which is pushed automatically under the same web site after you add the app to client-side monitoring.
  Igor Savchenko, VIAcode Consulting LLC (http://www.viacode.com/)

• Virus from Script injection / Cross-Site Scripting

  I had a page on a simple informational site for a restaurant hacked this week, and I'm looking for some advice.  The hacker managed to get an iframe tag on to the site's home page, and the contents of the iframe were nasty enough to turn a few computers into doorstops, at least temporarily.
  My hosting company, HMS, is taking the position that the tag got into the index.html page through a script vulnerabilty, not through any hole in their server security.  So I'm trying to figure out where they got in.
  some facts:
  site is HTML only.  Not dynamic.
  there was a mail.asp page on the server, but it was not used or linked to any page. (and oddly enough the site is on a linix server, so I'm guessing that a contribute user was fooling around with that at some point)
  the site is using opentable.com, which is an online reservation system that does use an iframe.(i'm asking them to assess whether or not their scripting could be an issue.
  the only infected page, index.html, had no calls to exterior scripts in it - no calls to any exterior files at all, not even a CSS file.It just contained html tags, a few images, and internal DW javascripts like MM_swapImage.
  The site is enabled for Contribute. (I'm trying unsuccessfully to remove that, but that's another story)
  If anybody can help me understand how a site like this could get compromised I would appreciate it.

  Jordan, HMS handled this issue quickly and effectively, as it has the vast majority of issues that have come up  during the 8 years I've been a customer. However, in this case there was a serious lag that does warrant concern. The initial tech consulted on this issue identified the issue as CSS and left me alone to work out the issue with nothing more than some URLs to study. Once I had read those docs and determined that the tech was wrong about the problem and that there was no way this could be  a case of CSS, I emailed for more clarification and help, but it took 24 hours to hear back from  you, despite repeated emails.  In fact - I never did get reply - 24 hours later I had to enter a chat and for a supervisor before anybody paid further attention to the issue.  So yeah, you did fine once you were on the case, but it took you too long to get there. For my part, I learned that I need to be a squeekier wheel and ask for a supervisor right away when such a critical issue comes up.

• In mozila 3.6 or higher version as i install Browser Highlighter addone then in my site when i edit any html content in fck editor or in tiny mce editor then it add a script name gwproxy how i can solve it

  in mozila 3.6 or higher version as i install Browser Highlighter addone then in my site when i edit any html content in fck editor or in tiny mce editor then it add a script name gwproxy its happend with 3.6 or higher version thanks
  == This happened ==
  Every time Firefox opened
  == i upgrqde mozilla to 3.6.3 version and i check it with on another computers

  Hi Deepak!
  This seems to be a well-known and quite widespread problem with this extension, unfortunately - the net is full of complaints about this issue, not to mention 'horror stories' about how this (otherwise fairly innocent and well-certified but clearly highly commercial) extension has 'sneaked' its way into peoples installations.
  I find it quite amazing that such an issue has existed for so long without the Browser Highlighter, TinyMCE and FCKeditor teams getting together and making a working fix - it should be rather easy to prevent with a tag or plugin check in editor code and/or a simple editor recognition routine in the extension.
  If you want (/need) to use this extension, I can only point you to the Browser Highlighter homepage for support; in [http://thebrowserhighlighter.com/help.jsp The Browser Highlighter Help section] it is clearly documented - first section, last paragraph - along with a link to [http://thebrowserhighlighter.com/blacklist.jsp this problem report form] where it seems you can ask for help solving the problem.
  However, given the (script-)name of the page, I suppose that reporting a problem on your own website (with all details) actually adds your site - or part of it - to a blacklist that TBH maintains to turn off TBH or at least problematic script injections when visiting sites registered in this list. So actually this might help you solve the problem quite easily, if they do what the page implies.
  Please let us know how above works out, and if we can be of further assistance. Detailed feedback is appreciated and helps us to help you better, plus enables us to better help more users with similar problems.

• Javascript injection spamming after last update

  Firefox auto updated yesterday for me and immediately afterwards I've been getting javascript injecting spams that is slowing down my machine noticeably. In addition I can no longer use firebug or inspect element due to this spamming.
  I have run every virus scan I have from boot up and nothing was found, so the firefox update is the only thing I can think of as the cause.
  Here is the spam that just goes on and on, how can I fix this?
  <script id="dnt-inject-js" src="https://sc1.checkpoint.com/dev/abine/scripts/inject.js" type="application/x-javascript">

  This was indeed the problem. I was up to date with the zonealarm extension and so the problem wasn't resolved by checking for updates, but disabling the addon fixed it.
  Thank you for the assistance.

• Another attempt to create "on the fly" condition in PL/SQL

  Here is the code:
  ---BEGIN ----
  declare
  my_var_list VARCHAR2(4000);
  cursor my_curr is select aa.column_name as my_col_name from user_tab_columns aa, user_tab_columns bb
  where aa.column_name = bb.column_name
  and aa.table_name = 'MY_SUBSET_TABLE' and bb.table_name = 'MY_SUPERSET_TABLE';
  begin
  for my_ind in my_curr loop
  my_var_list := my_var_list || my_i.my_col_name || ', ';
  end loop;
  insert into MY_SUPERSET_TABLE (my_var_list) select my_var_list from MY_SUBSET_TABLE;
  end;
  run;
  ---END---
  I plan to extract column name from user_tab_column, and concat it into a variable "my_var_list".
  The question now is, given the my_var_list contain column names (separate by comma), how can I use it in the select statement below?
  insert into MY_SUPERSET_TABLE (my_var_list) select my_var_list from MY_SUBSET_TABLE;
  Any idea on how to improve this script? I am running on Oracle9i ... using SQL Dev.
  Thanks much...

  It's a terrible idea, but it can be done. It could leave you open for sql injection hacks:
  declare
  my_sql VARCHAR2(4000);
  column_list varchar2(4000);
  v_iteration number := 0;
  begin
  for i in ( select column_name from user_tab_columns where table_name = 'T1') loop
  if v_iteration = 0 then
  column_list := i.column_name;
  else
  column_list := column_list||','||i.column_name;
  end if;
  v_iteration := v_iteration + 1;
  end loop;
  execute immediate 'insert into t2('||column_list||') select '||column_list||' from t1';
  end;
  /

• PHP: contact form says "something missing" but it's not

  The content is essentially identical to a working Contact
  Form but obviously
  I have an error somewhere. Could somebody please take a look?
  http://lerosmarina.gr/contact.php
  calls jomail.php - code, comments removed:
  <?php
  $locationroot = "Location:
  http://www.lerosmarina.gr/";
  $toAddress = "[email protected]";
  $fromAddress = "From: [email protected]";
  if (is_array($val)) {
  foreach ($val as $item) {
  isSuspect($item, $pattern, $suspect);
  else {
  if (preg_match($pattern, $val)) {
  $suspect = true;
  if (!isset($_REQUEST['email']))
  header( $locationroot."contact_us.php" );
  elseif (empty($surname) || empty($firstname) ||
  empty($company)
  ||empty($phone) || empty($email))
  header( $locationroot."missing.php" );
  else
  $suspect = false;
  $pattern = '/Content-Type:|Bcc:|Cc:/i';
  isSuspect($_POST, $pattern, $suspect);
  if (!empty($_POST['email'])) {
  $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
  if (!preg_match($checkEmail, $_POST['email'])) {
  $suspect = true;
  if (!$suspect) {
  $subject = "Feedback from ".$originating_site." Web Site
  about
  ".$mailsubject;
  $mailcontent = "Originating Site: ".$originating_site."\n";
  $mailcontent .= "Mail Subject: ".$mailsubject."\n";
  $mailcontent .= "Customer First Name: ".$firstname."\n";
  $mailcontent .= "Customer Surname: ".$surname."\n";
  $mailcontent .= "Customer EMail Address: ".$email."\n";
  $mailcontent .= "Customer Telephone Number: ".$phone."\n";
  $mailcontent .= "Customer Comments: ".$msgbody."\n";
  $mailcontent .= "Customer referer:
  ".getenv('HTTP_REFERER')."\n";
  $mailcontent .= "Customer address:
  ".getenv('REMOTE_ADDR')."\n";
  $mailcontent .= "Customer host:
  ".getenv('REMOTE_HOST')."\n";
  mail($toAddress,stripslashes($subject),stripslashes($mailcontent),stripslashes($fromAddre ss));
  header( $locationroot."thankyou.php" );
  else
  $subject = "Mail Injection Hack Attempted at
  ".$originating_site;
  $mailcontent = "Originating Site: ".$originating_site."\n";
  $mailcontent .= "Customer referer:
  ".getenv('HTTP_REFERER')."\n";
  $mailcontent .= "Customer address:
  ".getenv('REMOTE_ADDR')."\n";
  $mailcontent .= "Customer host:
  ".getenv('REMOTE_HOST')."\n";
  mail($toAddress,stripslashes($subject),stripslashes($mailcontent),stripslashes($fromAddre ss));
  header( $locationroot."thankyou.php" );
  ?><?php
  $locationroot = "Location:
  http://www.lerosmarina.gr/";
  if (!isset($_REQUEST['email']))
  header( $locationroot."contact.php" );
  elseif (empty($surname) || empty($firstname) ||
  empty($company)
  ||empty($phone) || empty($email))
  header( $locationroot."missing.php" );
  else
  $toAddress = "[email protected]";
  $fromAddress = "From: [email protected]";
  $subject = "Feedback from ".$originating_site." Web Site
  about
  ".$mailsubject;
  $mailcontent = "Originating Site: ".$originating_site."\n";
  $mailcontent .= "Mail Subject: ".$mailsubject."\n";
  $mailcontent .= "Customer First Name: ".$firstname."\n";
  $mailcontent .= "Customer Surname: ".$surname."\n";
  $mailcontent .= "Customer EMail Address: ".$email."\n";
  $mailcontent .= "Customer Telephone Number: ".$phone."\n";
  $mailcontent .= "Customer Comments: ".$msgbody."\n";
  $mailcontent .= "Customer referer:
  ".getenv('HTTP_REFERER')."\n";
  $mailcontent .= "Customer address:
  ".getenv('REMOTE_ADDR')."\n";
  $mailcontent .= "Customer host:
  ".getenv('REMOTE_HOST')."\n";
  mail($toAddress,stripslashes($subject),stripslashes($mailcontent),stripslashes($fromAddre ss));
  header( $locationroot."thankyou.php" );
  $suspect = false;
  $pattern = '/Content-Type:|Bcc:|Cc:/i';
  function isSuspect($val, $pattern, &$suspect) {
  if (is_array($val)) {
  foreach ($val as $item) {
  isSuspect($item, $pattern, $suspect);
  else {
  if (preg_match($pattern, $val)) {
  $suspect = true;
  isSuspect($_POST, $pattern, $suspect);
  if (!empty($_POST['email'])) {
  $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
  if (!preg_match($checkEmail, $_POST['email'])) {
  $suspect = true;
  if (!$suspect) {
  if (!$suspect) {
  else {
  ?>

  Thanks Gareth, I'll try that out
  Jo
  "gareth" <support@nospam_phploginsuite.co.uk> wrote in
  message
  news:es4740$2u4$[email protected]..
  > The problem is that it looks like an old script and
  register_globals is
  > turned off on your server (as it should be).
  >
  > With the following:
  >
  > elseif (empty($surname) || empty($firstname) ||
  empty($company)
  > ||empty($phone) || empty($email))
  >
  > Its referencing submitted values by their name only,
  which you used to be
  > able to do, but was very insecure. Now you have to tell
  PHP exactly where
  > the data comes from, so the above should be:
  >
  > elseif (empty($_POST['surname']) ||
  empty($_POST['firstname']) ||
  > empty($_POST['company'])
  > ||empty($_POST['phone']) || empty($_POST['email']))
  >
  > This should pass the missing data check now, however,
  you`ll need to go
  > through all your code, and anywhere it references a
  value from the form
  > change from $variable_name to $_POST['variable_name']
  >
  > Should work as intended then.
  >
  > --
  > Gareth
  >
  http://www.phploginsuite.co.uk/
  > PHP Login Suite V2 - 34 Server Behaviors to build a
  complete Login system.
  >

• Problem with application-variables - CFLOCK?

  Hi,
  i have a problem with my application. It is a multi-user
  application with 100 parallel-users and CFMX 7.
  The problem wich occures is with application variables. These
  are mainly structs wich get filled onApplicationStart(). The
  problem is, that the variables suddenly disappear, they are empty.
  I have read about CFLock and found out, that it is necesseary
  to use cflock. And i found out, that onApplicationStart does
  correct locking automatically. That is where i do not understand
  the problem. The variables get intialized correctly and in further
  they only get read-access. Why can they be corrupted?
  My other question about that is, wheather i need cflock for
  all Read-Access to Application and Session-Variables, even if there
  happens no writing to the variables?
  Best Regards,
  Andreas

  > ?The element of position 2, of dimension 2, of an array
  object used as part of
  > an expression, cannot be found.?
  > The array is in this case the struct.
  Well, OK, that could be a problem. Arrays are not structs:
  they are two
  different things, are not interchangeable, and have
  completely different
  sets of functions to utilise them. You cannot treat a struct
  as an array.
  If CF is claiming your "struct" is an array, then it actually
  *is* an
  array, not a struct.
  What's the line of code which is generating that error?
  I suppose one could get this error if you have an array of
  structs thus:
  myArray
  .key1
  myArray.key2
  (etc)
  and you're trying to reference it with a numeric key rather
  than by key
  name, eg:
  myArray
  [n]
  When n is an integer value, rather than a string (which
  corresponds to the
  name of the key).
  > > Have you trapped the error, done a <cfdump>
  of the application scope and
  > > checked to see if it's the whole lot going awry, or
  just some values?
  > I have not used cfdump for it, because the server had to
  be immediately
  > restarted for our customers. But i think, that it is
  not completely empty,
  > because the index runs to pos2 of dimenstion2.
  So does this not happen in your dev / testing environment?
  > Will
  > onApplicationStart() be called before? Or only if
  onRequestStart() returns true?
  I would ***-u-me that the application one would be called
  before the
  request one. It's pretty easy for you to test this though, I
  should think?
  (Sorry: for reasons beyond the scope of this conversation,
  we're still
  forced to use Application.cfm in our software, so I've only a
  passing
  knowledge of how Application.cfc works).
  > Here is the code from onRequestStart()
  > <cffunction name="onRequestStart"
  returntype="boolean">
  > <cfargument name="Requestedpage" required="yes" />
  > <cfscript>
  > var lFile = "/cargorent/Login.cfm";
  > var iPosn = ListFindNoCase( lFile,
  Arguments.Requestedpage );
  > if( iPosn gt 0 )
  > return true;
  >
  > if( NOT IsDefined( "session.user.Loginname" ) or
  session.user.Loginname eq
  > "" )
  > {
  > WriteOutput( "<p><p> The current user is no
  longer valid, please log in
  > again.</p></p>" & chr(10) & chr(13)
  > WriteOutput( "<script
  language=""javascript"">parent.location = ""
  http://"
  > & CGI.HTTP_HOST &
  "/Login/Login.cfm"";</script>" );
  > return false;
  > }
  >
  > return true;
  > </cfscript>
  > </cffunction>
  One thing I will say here is that I really think you should
  be separating
  your processing from your display. A function should do
  processing. it
  should pass that processing back to a CFM template which
  should handle
  whatever needs to be displayed on the browser. Although
  that's nowt to do
  with your current issue.
  Adam

• Hi... some code displays when i open a web page... i copied the info... can i submit and ask what is happening?

  150129... this has been displaying often when i open a webpage in firefox... i have to close the page & reopen it to get it to display without this... whats going on??
  In address bar: https://sc1.checkpoint.com/dev/abine/scripts/inject.js
  Displayed:
  (function () {
  // tell toolbar that inject was successful
  dntPageEvents("hello");
  // return if already injected
  if (window.dntToolbarClicked) return;
  function sendPageEvent(action, params, callback) {
  var documentElement = document.documentElement;
  var element = document.createElement("DNTPDataElement");
  element.setAttribute("action", action);
  if (params) {
  element.setAttribute("param", "[\"" + params + "\"]");
  element.style.display = 'none';
  documentElement.appendChild(element);
  var fn = function () {
  if (callback)
  callback(element.innerHTML);
  element.parentNode.removeChild(element);
  if (!document.addEventListener) { // IE8
  documentElement.DNTPPageEventResponse = 0;
  var listener = function(event){
  if (event.propertyName === 'DNTPPageEventResponse') {
  documentElement.detachEvent('onpropertychange', listener);
  setTimeout(fn, 0);
  documentElement.attachEvent('onpropertychange', listener);
  var triggerEvent = function (retry) {
  var triggerElement = document.getElementById('DNTPPageEvent');
  if (!triggerElement) {
  if (retry < 40)
  setTimeout(function(){triggerEvent(retry+1)}, 50);
  return;
  triggerElement.setAttribute('element', element);
  triggerElement.click();
  triggerEvent(0);
  } else {
  if (document.all) { // IE9
  element.onclick = fn;
  var evt = document.createEvent("CustomEvent");
  evt.initCustomEvent("DNTPPageEvent", true, true, null);
  } else { // all other browsers
  element.addEventListener('click', fn, true);
  var evt = document.createEvent("Events");
  evt.initEvent("DNTPPageEvent", true, false);
  setTimeout(function () {
  element.dispatchEvent(evt);
  }, 50);
  function iconChange(e) {
  e = e || event;
  var target = e.target || e.srcElement;
  var data = target.innerHTML;
  var timer = setInterval(function () {
  try {
  if (typeof dntPageEvents == "function") {
  clearInterval(timer);
  dntPageEvents(data);
  }catch (e) { }
  }, 50);
  var listener = document.createElement('div');
  listener.setAttribute('id', 'zaIconChangeListener');
  listener.setAttribute('dntpIgnore', 'true');
  listener.style.display = 'none';
  document.documentElement.appendChild(listener);
  if (listener.addEventListener)
  listener.addEventListener('click', iconChange, true);
  else if (listener.attachEvent)
  listener.attachEvent('onclick', iconChange);
  window.dntToolbarClicked = function (pos) {
  sendPageEvent('toolbarClicked', pos);
  sendPageEvent('refreshIcon');
  window.dntUpdateIcon = function () {
  sendPageEvent('refreshIcon');
  sendPageEvent('refreshIcon');
  })();

  ''james_s [[#question-1044118|said]]''
  <blockquote>
  150129... this has been displaying often when i open a webpage in firefox... i have to close the page & reopen it to get it to display without this... whats going on??
  In address bar: https://sc1.checkpoint.com/dev/abine/scripts/inject.js
  Displayed:
  (function () {
  // tell toolbar that inject was successful
  dntPageEvents("hello");
  // return if already injected
  if (window.dntToolbarClicked) return;
  function sendPageEvent(action, params, callback) {
  var documentElement = document.documentElement;
  var element = document.createElement("DNTPDataElement");
  element.setAttribute("action", action);
  if (params) {
  element.setAttribute("param", "[\"" + params + "\"]");
  element.style.display = 'none';
  documentElement.appendChild(element);
  var fn = function () {
  if (callback)
  callback(element.innerHTML);
  element.parentNode.removeChild(element);
  if (!document.addEventListener) { // IE8
  documentElement.DNTPPageEventResponse = 0;
  var listener = function(event){
  if (event.propertyName === 'DNTPPageEventResponse') {
  documentElement.detachEvent('onpropertychange', listener);
  setTimeout(fn, 0);
  documentElement.attachEvent('onpropertychange', listener);
  var triggerEvent = function (retry) {
  var triggerElement = document.getElementById('DNTPPageEvent');
  if (!triggerElement) {
  if (retry < 40)
  setTimeout(function(){triggerEvent(retry+1)}, 50);
  return;
  triggerElement.setAttribute('element', element);
  triggerElement.click();
  triggerEvent(0);
  } else {
  if (document.all) { // IE9
  element.onclick = fn;
  var evt = document.createEvent("CustomEvent");
  evt.initCustomEvent("DNTPPageEvent", true, true, null);
  } else { // all other browsers
  element.addEventListener('click', fn, true);
  var evt = document.createEvent("Events");
  evt.initEvent("DNTPPageEvent", true, false);
  setTimeout(function () {
  element.dispatchEvent(evt);
  }, 50);
  function iconChange(e) {
  e = e || event;
  var target = e.target || e.srcElement;
  var data = target.innerHTML;
  var timer = setInterval(function () {
  try {
  if (typeof dntPageEvents == "function") {
  clearInterval(timer);
  dntPageEvents(data);
  }catch (e) { }
  }, 50);
  var listener = document.createElement('div');
  listener.setAttribute('id', 'zaIconChangeListener');
  listener.setAttribute('dntpIgnore', 'true');
  listener.style.display = 'none';
  document.documentElement.appendChild(listener);
  if (listener.addEventListener)
  listener.addEventListener('click', iconChange, true);
  else if (listener.attachEvent)
  listener.attachEvent('onclick', iconChange);
  window.dntToolbarClicked = function (pos) {
  sendPageEvent('toolbarClicked', pos);
  sendPageEvent('refreshIcon');
  window.dntUpdateIcon = function () {
  sendPageEvent('refreshIcon');
  sendPageEvent('refreshIcon');
  </blockquote>
  REPLY TO ANSWERS:
  yes, i use blur and a couple of other security and ad blocker add-ons.
  actually, just now, it was the "firefox help" screen that always displays the code.
  based on info provided by cor-el, i started disabling add-ons... I use zonealarm firewall and antivirus which installs its own toolbar... when i disabled blur & other add-ons in turn, the problem continued... when i disabled the zonealarm toolbar, the problem stopped.
  so im going to surmise that its the zonealarm toolbar causing the problem... ill uninstall it
  great product in firefox... been using it for years... like everything about it... and now the support too!
  thank you for the help.... cheers!!

• How do I pass a cfparam value to multiple pages at once

  Here's the link to my page:
  www.carolinagreen.net/victus
  Click "Roster" and then "The Infamy" to see my problem.
  What I've done is made the roster page populate dynamically
  with each artist from a table in the database. The links for each
  artist you see on the roster page are all linked to the page
  artist.cfm and each passes its unique ID to the artist page for
  displaying the info about each artist.
  On the artist page, I also have an iFrame that I intend to
  use to display the shows. The page it displays is called shows.cfm.
  Now, I know the show page works because you can type
  www.carolinagreen.net/victus/shows.cfm?ID=1 and it will display the
  shows for The Infamy. My problem is getting it to pass the ID value
  to the shows.cfm page at the same time that it passes it to the
  artist.cfm page.
  Both pages currently have this at the top to supply the ID to
  the page:
  <cfparam name="URL.ID" type="numeric" default="0">
  I thought it might actually just pass the ID to both since
  the browser opens both pages at once.
  Is this even possible? I know I could just screw the iFrame
  and make a link to the shows.cfm page that opens in a new window or
  something, but I'm trying to work with my clients wishes. If worse
  comes to worse, I can just forget the iFrame, display the shows in
  the artist.cfm page and make the body of the page grow to fit all
  the info in, but that could get messy and stupid looking when the
  artist has a 30-show tour booked.
  Any ideas anyone?
  Cameron

  Actually your browser does two independent calls to your
  webserver and the scripts do not share the information with each
  other.
  Just pass the id value to the iframe by adding it to the src
  attribute from within your "artist.cfm"-script.
  <iframe src="shows.cfm?ID=#url.id#">
  That's it.