January 20th, 2003, 08:50 PM
Cross site scripting attacks... I think I found a vulnerable server...
For those of you who know something about cross site scripting attacks, maybe you can help me out.
I think I found some vulnerable servers could someone double check me?
When I telnet over to oday-warez.com I type in a strange get command, and it will come back with an error message along with what I typed in...
GET evilcode HTTP/1.0
HTTP/1.1 400 Bad Request
Date: Mon, 20 Jan 2003 20:26:24 GMT
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.11 OpenSSL/0.9.6g FrontPage/184.108.40.2060 PHP/4.1.2 mod_throttle/3.1.
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<TITLE>400 Bad Request</TITLE>
Your browser sent a request that this server could not understand.
Invalid URI in reque
st GET evilcode HTTP/1.0
<ADDRESS>Apache/1.3.27 Server at 220.127.116.11 Port 80</ADDRESS>
I think this server is vulnerable... but I'm not sure. Can anyone give me some input? Thanks!
January 20th, 2003, 10:26 PM
thats a front page response to a bad request. i believe on the unpatched version it also listed the location of the www directory aiding the ennumeration process. i could be wrong. i don't know much about front page extentions on apache. As a matter of fact i can't understand why someone would even want to do this...not enough money to hire a real webmaster maybe!?!
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
January 20th, 2003, 10:58 PM