Snort mailing list archives
Re: Vulnerable to Cross Site Scripting (XSS) or not?
From: Jesper Skou Jensen <jesper.skou.jensen () uni-c dk>
Date: Tue, 05 Aug 2008 13:12:57 +0200
Jesper Skou Jensen wrote:
1. As far as I understand it, 1.1.1.1 is trying to send "<SCRIPT" in e.g. a webform on 2.2.2.2. Is that correct?
I've been digging a bit in our BARNYARD dumps, and I would expect "SCRIPT" to appear in them, but as far as I can see it doesn't. Here is an example of one of the dumps. Note that headers and hex have been stripped out, and URLs have been anonymized.

GET /Infoweb/Thumb.asp?image=/Faelles/Fotoalbum/145/2008_0526_20402aa.jpg&x=130&y=130 HTTP/1.1..Accept: */*..Referer: http://www.ANNONYMIZED.dk/Infoweb/DynamiskeSider/Skolens%20fotoalbum.asp?Id=0..Accept-Language: da..UA-CPU: x86..Accept-Encoding: gzip, deflate..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; AFB4417C-B44C-CEB7-A40B-FF0D26815D0C; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; InfoPath.2)..Host: www.ANNONYMIZED.dk..Connection: Keep-Alive..Cookie: pk_uuid=AFE63412237042A78C5A613E3F21D7; pk_sid=0BCCE1C998B3C686EEC103AC23C4B7; ASPSESSIONIDCQAABDDD=CIFPGIIHGMNBCOMJBKGLKJ....OMJBKGLKJ....

Am I looking at this in a wrong way, or isn't our Snort behaving?

--
Jesper S. Jensen
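One way to check a dumped payload for the string the poster expected, as an added example that is not part of the original post: it searches the payload for "<script" case-insensitively, first as dumped and then after each round of percent-decoding. The function name, the decode-round limit and the two encoded sample requests are constructed for illustration; the first sample is a shortened copy of the request in the dump above.

```python
import re
from urllib.parse import unquote

# Case-insensitive, tolerates whitespace between "<" and "script".
SCRIPT_RE = re.compile(r"<\s*script", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: enough for double/triple encoding


def find_script_marker(payload):
    """Return (decode_round, [context, ...]) for the first round in which
    '<script' appears, or None if it never does.

    Round 0 is the payload exactly as dumped; round N is the payload after
    N percent-decodings.
    """
    current = payload
    for rnd in range(MAX_DECODE_ROUNDS + 1):
        hits = [current[max(0, m.start() - 20): m.end() + 20]
                for m in SCRIPT_RE.finditer(current)]
        if hits:
            return rnd, hits
        decoded = unquote(current)
        if decoded == current:  # nothing left to decode
            break
        current = decoded
    return None


# Shortened copy of the request from the dump in the post.
PAGE_REQUEST = ("GET /Infoweb/Thumb.asp?image=/Faelles/Fotoalbum/145/"
                "2008_0526_20402aa.jpg&x=130&y=130 HTTP/1.1..Accept: */*.."
                "Referer: http://www.ANNONYMIZED.dk/Infoweb/DynamiskeSider/"
                "Skolens%20fotoalbum.asp?Id=0..Host: www.ANNONYMIZED.dk..")

# Constructed samples: the marker percent-encoded once and twice.
ENCODED_ONCE = "GET /form.asp?q=%3CSCRIPT%3Etest HTTP/1.1..Host: www.example.test.."
ENCODED_TWICE = "GET /form.asp?q=%253Cscript%253Etest HTTP/1.1..Host: www.example.test.."

if __name__ == "__main__":
    for name, sample in [("page request", PAGE_REQUEST),
                         ("encoded once", ENCODED_ONCE),
                         ("encoded twice", ENCODED_TWICE)]:
        print(name, "->", find_script_marker(sample))
```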