Security Incidents mailing list archives
Re: Interesting
From: bugtraq () cgisecurity net
Date: Tue, 4 Mar 2003 10:36:18 -0500 (EST)
This is talked about in an older paper of mine. http://www.cgisecurity.com/papers/header-based-exploitation.txt
http-equiv () excite com wrote:

Here's an interesting one:

xx.x.xx.xx - - [26/Feb/2003:02:36:41 -0500] "GET /html.exe.zip HTTP/1.1" 200 2245 "-" "Mozilla/5.0 (LINUX; means; Linux Is Not UniX; <script>alert('XSS@'+document.URL)</script>; +++ath0)"

This is the hijacking of referers, and it's meant to catch people who show them in online stats (such as in a weblog). It's been reported recently at http://www.unix-girl.com/mtype/mt-comments.cgi?entry_id=726

Steve

--
Stephen J Friedl ? Software Consultant ? Tustin, CA ? +1 714 544-6561
www.unixwiz.net ? I speak for me only ? KA8CMY ? steve () unixwiz net
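The mechanism the thread describes, shown end to end as an added example (not code from the list posters or from the cgisecurity paper): a small parser for Apache combined-format log lines, the vulnerable stats-page pattern that drops the Referer and User-Agent into HTML verbatim, the escaped rendering that neutralises it, and a scan that flags log entries whose header fields carry markup. The log lines are constructed; the first mirrors the one quoted above with the client address replaced by a documentation IP, the second is a benign hit for contrast. The field names and the `MARKUP_RE` heuristic are my own choices.

```python
import html
import re

# Constructed sample log lines in Apache "combined" format. The first mirrors
# the entry quoted in the thread (client IP replaced by a documentation
# address); the second is an ordinary, benign hit for contrast.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Feb/2003:02:36:41 -0500] "GET /html.exe.zip HTTP/1.1" '
    '200 2245 "-" "Mozilla/5.0 (LINUX; means; Linux Is Not UniX; '
    "<script>alert('XSS@'+document.URL)</script>; +++ath0)\"",
    '203.0.113.8 - - [26/Feb/2003:02:37:02 -0500] "GET /index.html HTTP/1.1" '
    '200 1024 "http://example.org/links.html" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

# Apache "combined" log format: host ident user [time] "request" status size
# "referer" "user-agent". Referer and User-Agent are client-supplied strings.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_combined(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def render_row_unsafe(entry):
    """The vulnerable pattern: header values copied into the stats page as-is,
    so whoever views the page runs whatever the client put in the header."""
    return (f'<tr><td>{entry["ip"]}</td><td>{entry["referer"]}</td>'
            f'<td>{entry["agent"]}</td></tr>')


def render_row_safe(entry):
    """The fix: escape every header-derived value for the HTML text context."""
    cells = (html.escape(entry[k], quote=True) for k in ("ip", "referer", "agent"))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


# Heuristic (assumed, not from the thread) for header values carrying markup:
# an HTML tag opener, a javascript: URL scheme, or an inline event handler.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z]|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)


def looks_injected(value):
    """True if a header value contains something that would be live in HTML."""
    return bool(MARKUP_RE.search(value))


def scan_log(lines):
    """Return (ip, field) pairs for entries whose Referer or User-Agent carries markup."""
    hits = []
    for line in lines:
        entry = parse_combined(line)
        if entry is None:
            continue
        for field in ("referer", "agent"):
            if looks_injected(entry[field]):
                hits.append((entry["ip"], field))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        e = parse_combined(line)
        print("unsafe:", render_row_unsafe(e))
        print("safe:  ", render_row_safe(e))
    print("flagged:", scan_log(SAMPLE_LOG))
```

Escaping at render time is the fix that matters; the scan is only a review aid for finding which clients have been probing, since a log analyser that escapes its output is unaffected no matter what the headers contain.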