Full Disclosure mailing list archives

Re: logically stopping xss


From: petard <petard () sdf lonestar org>
Date: Wed, 23 Jul 2003 03:28:35 +0000


On Tue, Jul 22, 2003 at 09:33:00PM -0400, Justin Shin wrote:
> i know there's a lot of stupid jokes about XSS vulns right now, but I was wondering if there is any firewall or IDS
> software that can look for suspicious GET requests ... i.e.
>
> GET /vulnerablewebapp/?<XSS SHZNIT>
>
> I'm sure there's a program out there ... and I'm stupid, please don't kill me...


It's a little-known tool, to be sure :-)

Here's an example:
http://www.snort.org/snort-db/sid.html?sid=1667

Hope this helps... (or did I totally misunderstand your question?)

petard


--
top-post: n., v. - [common] To put the newly-added portion of an email or Usenet response before the quoted part, as
opposed to the more logical sequence of quoted portion first with original following. [...] This term is generally
used pejoratively with the implication that the offending person is a newbie, a Microsoft addict (Microsoft mail
tools produce a similar format by default), or simply a common-and-garden-variety idiot.
        - The jargon file
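The Snort rule petard points at is a content signature on the HTTP request. As an added example, not code from the thread or from Snort, here is the same idea applied to web-server access logs: the request URI is URL-decoded (including double encoding) and matched against a few XSS-style patterns. The log lines are constructed for the example; the decode depth and the pattern list are my choices, and like any signature match it only catches what it has a pattern for.

```python
import re
from urllib.parse import unquote_plus

# Patterns a signature-based IDS would flag in a request URI; matched
# case-insensitively after URL decoding. Deliberately short, like a Snort
# content rule: it catches the obvious forms and nothing it has no pattern for.
XSS_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"<\s*script",                  # opening <script> tag
    r"javascript\s*:",              # javascript: URL scheme
    r"\bon(error|load|click)\s*=",  # inline event-handler attribute
)]

# Request field of a combined-log-format line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

def decode_uri(uri, rounds=2):
    """URL-decode repeatedly so a double-encoded '<' (%253C) is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def find_xss_requests(log_lines):
    """Return (line_no, method, decoded_uri, pattern) for each suspicious request."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        uri = decode_uri(m.group("uri"))
        for pat in XSS_PATTERNS:
            if pat.search(uri):
                hits.append((line_no, m.group("method"), uri, pat.pattern))
                break
    return hits

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Jul/2003:21:33:00 -0400] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.6 - - [22/Jul/2003:21:34:10 -0400] "GET /app/?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 88',
    '10.0.0.7 - - [22/Jul/2003:21:35:02 -0400] "GET /app/?q=%253Cscript%253E HTTP/1.1" 200 88',
    '10.0.0.8 - - [22/Jul/2003:21:36:45 -0400] "GET /search?q=javascript+tutorial HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in find_xss_requests(SAMPLE_LOG):
        print("line %d: %s %s matched /%s/" % hit)
```

Only lines 2 and 3 of the sample are flagged; the plain search for "javascript tutorial" on line 4 is not, because the pattern requires the colon of a javascript: URL.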
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

