Full Disclosure mailing list archives
Re: logically stopping xss
From: Edstrom Johan <johan.edstrom () sca com>
Date: Tue, 22 Jul 2003 20:23:29 -0500
Actually that's really easy to implement in Apache's mod_rewrite, look at External Program. I did one a while back where I basically dumped Nikto into a precompiled regexp map - it does catch quite a bit, I also use that against PIX syslog messages.

/JE

Justin Shin wrote:

> I know there's a lot of stupid jokes about XSS vulns right now, but I was wondering if there is any firewall or IDS software that can look for suspicious GET requests ... i.e. GET /vulnerablewebapp/?<XSS SHZNIT>
>
> I'm sure there's a program out there ... and I'm stupid, please don't kill me...
>
> -- Justin Shin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
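The approach described in the reply above, a mod_rewrite External Program (`prg:`) map that answers from precompiled regular expressions, as an added example that is not code from the thread. The signature list is constructed for illustration (it is not Nikto's database), and the map name `reqcheck` and the script path are assumptions.

```python
#!/usr/bin/env python3
"""Filter program for mod_rewrite's RewriteMap prg: type (added example).

Assumed httpd.conf wiring (map name and path are hypothetical):
    RewriteEngine On
    RewriteMap  reqcheck "prg:/usr/local/bin/reqcheck.py"
    RewriteCond "${reqcheck:%{THE_REQUEST}}" "=deny"
    RewriteRule "^" "-" [F]
"""
import re
import sys
from urllib.parse import unquote_plus

# Constructed sample signatures, compiled once at startup; a real map
# would be generated from a maintained signature source.
SIGNATURES = [re.compile(p, re.I) for p in (
    r"<\s*script\b",
    r"\bjavascript\s*:",
    r"\bon(?:error|load|click|mouseover)\s*=",
    r"<\s*(?:iframe|object|embed)\b",
)]

def normalise(key, rounds=2):
    """Undo up to `rounds` layers of URL encoding so %3Cscript and
    %253Cscript are matched the same way as <script."""
    for _ in range(rounds):
        decoded = unquote_plus(key)
        if decoded == key:
            break
        key = decoded
    return key

def verdict(key):
    """Return 'deny' on a signature hit, else 'NULL' (mod_rewrite's
    token for 'no map entry')."""
    text = normalise(key)
    return "deny" if any(s.search(text) for s in SIGNATURES) else "NULL"

def main():
    # Apache starts the program once and sends one key per line; each
    # answer must be a single line, flushed immediately, or httpd stalls.
    for line in sys.stdin:
        sys.stdout.write(verdict(line.rstrip("\n")) + "\n")
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```

Because `verdict()` works on any line of text, the same program can be fed firewall syslog lines on stdin outside Apache.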
