Full Disclosure mailing list archives
this is fun?
From: Jeffrey Denton <dentonj () gmail com>
Date: Sun, 20 Feb 2005 12:10:06 -0700
On Sun, 20 Feb 2005 14:51:48 +0100, Christian <evilninja () gmx net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Brandy Simon wrote:
> > http://picserv.on.zoy.org/IM39571.jpg
>
> hm, what exactly is it?
>
> $ wget http://picserv.on.zoy.org/IM39571.jpg
> - --14:45:06--  http://picserv.on.zoy.org/IM39571.jpg
>            => `IM39571.jpg'
> Resolving picserv.on.zoy.org... 80.65.228.129
> Connecting to picserv.on.zoy.org[80.65.228.129]:80... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 14:45:06 ERROR 404: Not Found.

Sometimes you have to use a sniffer. Grabbed with lynx and ethereal:

GET /IM39571.jpg HTTP/1.0
Host: picserv.on.zoy.org
Accept: text/html, text/plain, text/sgml, video/mpeg, image/jpeg, image/tiff, image/x-rgb, image/png, image/x-xbitmap, image/x-xbm, image/gif, application/postscript, */*;q=0.01
Accept-Encoding: gzip, compress
Accept-Language: en
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.7e

. . .

POST /index.php HTTP/1.0
Host: picserv.on.zoy.org
Accept: text/html, text/plain, text/sgml, video/mpeg, image/jpeg, image/tiff, image/x-rgb, image/png, image/x-xbitmap, image/x-xbm, image/gif, application/postscript, */*;q=0.01
Accept-Encoding: gzip, compress
Accept-Language: en
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.7e
Referer: http://picserv.on.zoy.org/IM39571.jpg
Content-type: application/x-www-form-urlencoded
Content-length: 28

content=&send=1&refer=&user=

. . .

GET /lm.php HTTP/1.0
Host: picserv.on.zoy.org
Accept: text/html, text/plain, text/sgml, video/mpeg, image/jpeg, image/tiff, image/x-rgb, image/png, image/x-xbitmap, image/x-xbm, image/gif, application/postscript, */*;q=0.01
Accept-Encoding: gzip, compress
Accept-Language: en
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.7e
Referer: http://picserv.on.zoy.org/IM39571.jpg

. . .

GET /lm.php?CLICK+ME=CLICK+ME HTTP/1.0
Host: picserv.on.zoy.org
Accept: text/html, text/plain, text/sgml, video/mpeg, image/jpeg, image/tiff, image/x-rgb, image/png, image/x-xbitmap, image/x-xbm, image/gif, application/postscript, */*;q=0.01
Accept-Encoding: gzip, compress
Accept-Language: en
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.7e
Referer: http://picserv.on.zoy.org/lm.php

The page lm.php sets a number of variables depending on the User-Agent string, but only does something different if you are using IE.

var nom = navigator.appName.toLowerCase();
var agt = navigator.userAgent.toLowerCase();
var is_major = parseInt(navigator.appVersion);
var is_minor = parseFloat(navigator.appVersion);
var is_ie = (agt.indexOf("msie") != -1);
var is_ie4up = (is_ie && (is_major >= 4));
var is_nav = (nom.indexOf('netscape')!=-1);
var is_nav4 = (is_nav && (is_major == 4));
var is_mac = (agt.indexOf("mac")!=-1);
var is_gecko = (agt.indexOf('gecko') != -1);
// GECKO REVISION
var is_rev=0
if (is_gecko) {
temp = agt.split("rv:")
is_rev = parseFloat(temp[1])

. . .

<input type="submit" value="CLICK ME" name="CLICK ME"
  style="width: 2000px; height: 2000px; background-image: url('pooped.jpg' );"
  src="hello.jpg" height="300" width="300"
  onmouseover="if(is_ie) {showModelessDialog('procreator.php'); return true; }document.goatse .reset();playBall();return true;"
  onclick="if(is_ie) {showModelessDialog('procreator.php'); return true; } playBall();return true;"
  onmouseout="if(is_ie) {showModelessDialog('procreator.php'); return true; } else{procreate();} playBall();return true;">

And so on...

I haven't looked at all of the other .php pages yet.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
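
Added example, not part of the original post: the Referer reading of the capture above, done in Python over a constructed copy of the four requests with headers trimmed. It flags image-named URLs that later requests cite as Referer, which is what shows the ".jpg" was rendered as a page. The function names and the extension list are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the four requests from the capture in the post,
# trimmed to the headers this analysis uses.
CAPTURE = """\
GET /IM39571.jpg HTTP/1.0
Host: picserv.on.zoy.org

POST /index.php HTTP/1.0
Host: picserv.on.zoy.org
Referer: http://picserv.on.zoy.org/IM39571.jpg

GET /lm.php HTTP/1.0
Host: picserv.on.zoy.org
Referer: http://picserv.on.zoy.org/IM39571.jpg

GET /lm.php?CLICK+ME=CLICK+ME HTTP/1.0
Host: picserv.on.zoy.org
Referer: http://picserv.on.zoy.org/lm.php
"""

REQUEST_LINE = re.compile(r"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]$")
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")  # assumed list for this example

def parse_requests(text):
    """Split a text capture into dicts with method, path, url and referer."""
    requests = []
    for line in text.splitlines():
        m = REQUEST_LINE.match(line.strip())
        if m:
            requests.append({"method": m.group(1), "path": m.group(2), "headers": {}})
        elif ":" in line and requests:
            name, value = line.split(":", 1)
            requests[-1]["headers"][name.strip().lower()] = value.strip()
    for r in requests:
        r["url"] = "http://" + r["headers"].get("host", "") + r["path"]
        r["referer"] = r["headers"].get("referer")
    return requests

def image_urls_acting_as_pages(requests):
    """Map each image-named Referer URL to the requests that cite it,
    meaning its response was rendered as a document with links or forms."""
    flagged = {}
    for r in requests:
        ref = r["referer"]
        if ref and urlsplit(ref).path.lower().endswith(IMAGE_EXT):
            flagged.setdefault(ref, []).append(f'{r["method"]} {r["path"]}')
    return flagged
```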