Full Disclosure mailing list archives
RE: logically stopping xss
From: "Marc Ruef" <maru () scip ch>
Date: Wed, 23 Jul 2003 09:34:11 +0200
Hi!
I know there's a lot of stupid jokes about XSS vulns right now, but I was wondering if there is any firewall or IDS software that can look for suspicious GET requests ... ie. GET /vulnerablewebapp/?<XSS SHZNIT>
Watch out! Not just GET requests should be checked. These sources should help you:

http://www.computec.ch/mruef/advisories/black_ice_pc_protection_xss_evasion.txt
http://www.securityfocus.com/bid/7942

Bye, Marc

--
) scip AG (
Technoparkstr. 1
8005 Zürich
T +41 1 445 18 18
F +41 1 445 18 19
maru () scip ch
www.scip.ch
- Latest IT security vulnerabilities -

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
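The point made in the reply above, that a rule matching only GET query strings misses the other places request input arrives, shown as an added example that is not part of the original post. The marker regex, the sample requests and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Deliberately small marker set (assumption); a production rule set is broader.
MARKERS = re.compile(r"<\s*script|javascript\s*:|\bon\w+\s*=", re.I)

def decode(value, rounds=3):
    """URL-decode repeatedly so single- and double-encoded input is normalised."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value

def parse(raw):
    """Split a raw HTTP/1.x request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, val = line.partition(":")
        headers[name.strip().lower()] = val.strip()
    return method, target, headers, body

def scan(raw, get_only=False):
    """Return the request parts whose decoded content matches MARKERS."""
    method, target, headers, body = parse(raw)
    parts = {"target": target}
    if get_only:
        if method != "GET":
            return []  # a GET-only rule never inspects this request
    else:
        parts.update({"header:" + n: v for n, v in headers.items()})
        parts["body"] = body
    return [name for name, val in parts.items() if MARKERS.search(decode(val))]

# Constructed sample requests (not captured traffic).
GET_REQ = ("GET /vulnerablewebapp/?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\n"
           "Host: example.test\r\n\r\n")
POST_REQ = ("POST /vulnerablewebapp/ HTTP/1.1\r\nHost: example.test\r\n"
            "Referer: http://example.test/%253Cscript%253E\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
            "comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E")
```

With `get_only=True` the POST request passes unflagged, while the full scan reports the double-encoded Referer header and the form body.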
Current thread:
- logically stopping xss Justin Shin (Jul 22)
- Re: logically stopping xss Edstrom Johan (Jul 22)
- Re: logically stopping xss Valdis . Kletnieks (Jul 22)
- RE: logically stopping xss Justin Shin (Jul 22)
- Re: logically stopping xss KF (Jul 22)
- RE: logically stopping xss Justin Shin (Jul 22)
- Re: logically stopping xss Valdis . Kletnieks (Jul 22)
- Re: logically stopping xss Valdis . Kletnieks (Jul 22)
- RE: logically stopping xss Justin Shin (Jul 22)
- Re: logically stopping xss petard (Jul 22)
- <Possible follow-ups>
- RE: logically stopping xss Marc Ruef (Jul 23)
- RE: logically stopping xss Schmehl, Paul L (Jul 23)