Security Incidents mailing list archives

Re: Interesting

From: "Stephen J. Friedl" <steve () unixwiz net>
Date: Thu, 27 Feb 2003 08:13:02 -0800

http-equiv () excite com wrote:

Here's an interesting one:
xx.x.xx.xx - - [26/Feb/2003:02:36:41 -0500] "GET /html.exe.zipHTTP/1.1" 200 2245 "-" "Mozilla/5.0 (LINUX; means; Linux Is Not UniX;<script>alert('XSS@'+document.URL)</script>; +++ath0)"

This is the hijacking of referers, and it's meant to catch people whoshow them in online stats (such as in a weblog).

It's been reported recently athttp://www.unix-girl.com/mtype/mt-comments.cgi?entry_id=726


Steve

--
Stephen J Friedl • Software Consultant • Tustin, CA •   +1 714 544-6561
www.unixwiz.net  • I speak for me only •   KA8CMY   • steve () unixwiz net



----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

Current thread:

Re: Interesting Stephen J. Friedl (Mar 04)
- <Possible follow-ups>
- Re: Interesting Rafael Coninck Teigao (Mar 04)
- Re: Interesting bugtraq (Mar 04)