This is talked about in an older paper of mine.
http://www.cgisecurity.com/papers/header-based-exploitation.txt

> http-equivat_private wrote:
>
> >Here's an interesting one:
> >
> >xx.x.xx.xx - - [26/Feb/2003:02:36:41 -0500] "GET /html.exe.zip
> >HTTP/1.1" 200 2245 "-" "Mozilla/5.0 (LINUX; means; Linux Is Not UniX;
> ><script>alert('XSS@'+document.URL)</script>; +++ath0)"
> >
>
> This is the hijacking of referers, and it's meant to catch people who
> show them in online stats (such as in a weblog).
>
> It's been reported recently at
> http://www.unix-girl.com/mtype/mt-comments.cgi?entry_id=726
>
> Steve
>
> --
> Stephen J Friedl • Software Consultant • Tustin, CA • +1 714 544-6561
> www.unixwiz.net • I speak for me only • KA8CMY • steveat_private

----------------------------------------------------------------------------
Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.
http://www.securityfocus.com/stillsecure
----------------------------------------------------------------------------
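The quoted log entry carries its payload in the User-Agent header; Steve's note covers the Referer, which reaches a stats page by the same route. What follows is an added example, not code from the post, from Stephen Friedl or from the cgisecurity.com paper: it parses a few combined-format log lines (constructed; the first re-joins the User-Agent from the post, the hosts and the other two lines are made up), renders the per-agent hit table the way a vulnerable stats script does and again with HTML output encoding applied, and flags entries whose headers carry markup before they are ever displayed. The handling of Apache's `\"` escaping inside quoted log fields is an assumption about the log writer, not something the post states.

```python
"""Stats-page rendering of attacker-supplied request headers: raw vs. encoded.

Added example, not from the post or from cgisecurity.com. SAMPLE_LOG is
constructed; its first line reproduces the User-Agent quoted in the post.
"""
import html
import re
from collections import Counter
from typing import Dict, List, Optional

# NCSA/Apache "combined" format:
#   host ident authuser [time] "request" status bytes "referer" "user-agent"
# Assumption: the server escapes an embedded double quote as \" (Apache does),
# so a quoted field is any run of (non-quote, non-backslash | backslash + char).
_QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + _QUOTED
    + r' (\d{3}) (\S+) ' + _QUOTED + ' ' + _QUOTED + '$'
)

SAMPLE_LOG = [
    # From the post, re-joined onto one line (the mail client wrapped it).
    'xx.x.xx.xx - - [26/Feb/2003:02:36:41 -0500] "GET /html.exe.zip HTTP/1.1" '
    '200 2245 "-" "Mozilla/5.0 (LINUX; means; Linux Is Not UniX; '
    '<script>alert(\'XSS@\'+document.URL)</script>; +++ath0)"',
    # Constructed: an ordinary visitor with a harmless Referer.
    '10.0.0.7 - - [26/Feb/2003:02:40:12 -0500] "GET /index.html HTTP/1.1" '
    '200 5120 "http://www.example.org/" '
    '"Mozilla/5.0 (X11; Linux i686; rv:1.3) Gecko/20030225"',
    # Constructed: payload in the Referer instead, containing a \"-escaped quote.
    '10.0.0.9 - - [26/Feb/2003:02:41:03 -0500] "GET /index.html HTTP/1.1" '
    '200 5120 "http://attacker.example/<img src=x onerror=alert(\\"ref\\")>" '
    '"Mozilla/4.0 (compatible; MSIE 6.0)"',
]


def _unescape(field: str) -> str:
    # Undo only the \" and \\ escapes the log writer added; leave the rest as logged.
    return re.sub(r'\\(["\\])', r'\1', field)


def parse_combined(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into its fields; None if it does not parse."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    host, when, request, status, size, referer, agent = m.groups()
    return {
        "host": host, "time": when, "request": _unescape(request),
        "status": status, "size": size,
        "referer": _unescape(referer), "agent": _unescape(agent),
    }


def render_table(entries: List[Dict[str, str]], field: str, escape: bool = True) -> str:
    """Hit-count table for one logged field ("agent" or "referer") as HTML.

    escape=False reproduces the weblog-stats bug the post describes: the header
    value is pasted into the page as live markup. escape=True applies HTML
    entity encoding, so the same bytes render as inert text.
    """
    enc = html.escape if escape else (lambda s: s)
    counts = Counter(e[field] for e in entries)
    rows = "\n".join(
        f"<tr><td>{n}</td><td>{enc(value)}</td></tr>"
        for value, n in counts.most_common()
    )
    return f"<table>\n{rows}\n</table>"


# Cheap triage rule for the log itself: a browser identifier or a URL has no
# business containing angle brackets or a javascript: scheme.
_MARKUP = re.compile(r'[<>]|javascript:', re.IGNORECASE)


def suspicious(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Entries whose User-Agent or Referer carries markup, worth flagging before display."""
    return [e for e in entries
            if _MARKUP.search(e["agent"]) or _MARKUP.search(e["referer"])]


if __name__ == "__main__":
    entries = [e for e in map(parse_combined, SAMPLE_LOG) if e]
    print(render_table(entries, "agent", escape=False))  # injected <script> is live
    print(render_table(entries, "agent"))                # same data, rendered inert
    for e in suspicious(entries):
        print("flag:", e["host"], repr(e["agent"]), repr(e["referer"]))
```

The encoded table is the fix; the `suspicious()` pass is only a triage aid for reading the log, since an attacker can pick characters it does not look for. `html.escape` is correct for the element-content and quoted-attribute contexts the stats table uses; a value written into a `<script>` block or an unquoted attribute would need a different encoder.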
This archive was generated by hypermail 2b30 : Tue Mar 04 2003 - 09:22:16 PST