Re: Interesting

From: Stephen J. Friedl (steveat_private)
Date: Thu Feb 27 2003 - 08:13:02 PST

    http-equivat_private wrote:
    
    >Here's an interesting one:
    >
    >xx.x.xx.xx - - [26/Feb/2003:02:36:41 -0500] "GET /html.exe.zip 
    >HTTP/1.1" 200 2245 "-" "Mozilla/5.0 (LINUX; means; Linux Is Not UniX; 
    ><script>alert('XSS@'+document.URL)</script>; +++ath0)"
    >  
    >
    This is the hijacking of referers, and it's meant to catch people who 
    show them in online stats (such as in a weblog).
    
    It's been reported recently at 
    http://www.unix-girl.com/mtype/mt-comments.cgi?entry_id=726
    
    Steve
    
    -- 
    Stephen J Friedl • Software Consultant • Tustin, CA •   +1 714 544-6561
    www.unixwiz.net  • I speak for me only •   KA8CMY   • steveat_private
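
The defensive side of what the reply describes, as an added example that is not part of the original thread: a stats page that displays request headers has to treat them as untrusted input. The sketch below parses combined-format log lines, flags header fields that carry markup, and HTML-escapes every field before it goes into a table row. The function names, the markup pattern and the second log entry are assumptions made for illustration.

```python
import html
import re

# Apache/NCSA "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field, tolerating backslash escapes
COMBINED = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\S+) ' + QUOTED + ' ' + QUOTED
)
FIELDS = ("host", "time", "request", "status", "size", "referer", "agent")

# Assumed heuristic: angle brackets or a javascript: scheme do not belong
# in a header value that will be shown on a stats page.
MARKUP = re.compile(r"[<>]|javascript:", re.IGNORECASE)

# Constructed sample input: the entry quoted in the post joined onto one line
# (host masked as posted), plus one ordinary constructed entry.
SAMPLE_LOG = [
    'xx.x.xx.xx - - [26/Feb/2003:02:36:41 -0500] "GET /html.exe.zip HTTP/1.1" 200 2245 "-" '
    '"Mozilla/5.0 (LINUX; means; Linux Is Not UniX; '
    '<script>alert(\'XSS@\'+document.URL)</script>; +++ath0)"',
    '192.0.2.10 - - [26/Feb/2003:02:40:02 -0500] "GET /index.html HTTP/1.1" 200 5120 '
    '"http://example.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

def parse_line(line):
    """Return the log entry as a dict, or None if the line is not combined format."""
    m = COMBINED.match(line)
    return dict(zip(FIELDS, m.groups())) if m else None

def suspicious_fields(entry):
    """Names of client-controlled fields that contain markup."""
    return [f for f in ("request", "referer", "agent") if MARKUP.search(entry[f])]

def render_row(entry):
    """Table row for a stats page; every value is escaped, flagged or not."""
    cells = (entry["host"], entry["request"], entry["referer"], entry["agent"])
    return "<tr>" + "".join(f"<td>{html.escape(c, quote=True)}</td>" for c in cells) + "</tr>"

def report(lines):
    """(host, flagged field names, escaped row) for each parseable line."""
    entries = [e for e in map(parse_line, lines) if e]
    return [(e["host"], suspicious_fields(e), render_row(e)) for e in entries]

if __name__ == "__main__":
    for host, flagged, row in report(SAMPLE_LOG):
        print(host, flagged or "clean")
        print(row)
```

Escaping is applied to every row rather than only to flagged ones, so the flag serves as a review signal and the output stays inert even when the heuristic misses something.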
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Mar 04 2003 - 07:29:12 PST