Nothing really, and I even renamed my application.cfm file. I even tested it on localhost on my local machine in the CF Dev environment.
What I'm doing is this:
- Load the page.
- Open a Firefox addon called "Tamper Data". We've found this to pretty closely replicate the scanner that out security people use. If it passes this addon, it passes the scan, and vice versa.
- Click "Start Tamper".
- Type a number into the form field, then submit.
- When the addon asks, I edit that post field by adding &foo, then click submit.
That gives me the error.
Perhaps the addon/scanner are doing something behind the scenes that we don't know about?