Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Interesting
From: bugtraq () cgisecurity net
Date: Tue, 4 Mar 2003 10:36:18 -0500 (EST)

This is talked about in an older paper of mine.
http://www.cgisecurity.com/papers/header-based-exploitation.txt





http-equiv () excite com wrote:


Here's an interesting one:

xx.x.xx.xx - - [26/Feb/2003:02:36:41 -0500] "GET /html.exe.zip 
HTTP/1.1" 200 2245 "-" "Mozilla/5.0 (LINUX; means; Linux Is Not UniX; 
<script>alert('XSS@'+document.URL)</script>; +++ath0)"
 


This is the hijacking of referers, and it's meant to catch people who 
show them in online stats (such as in a weblog).

It's been reported recently at 
http://www.unix-girl.com/mtype/mt-comments.cgi?entry_id=726

Steve

-- 
Stephen J Friedl ? Software Consultant ? Tustin, CA ?   +1 714 544-6561
www.unixwiz.net  ? I speak for me only ?   KA8CMY   ? steve () unixwiz net



----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>





----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]