Thread: Cross site scripting attacks... I think I found a vulnerable server...

  1. #1
    Junior Member
    Join Date
    Aug 2002
    Posts
    9

    Cross site scripting attacks... I think I found a vulnerable server...

    For those of you who know something about cross site scripting attacks, maybe you can help me out.

    I think I found some vulnerable servers; could someone double check me?

    When I telnet over to oday-warez.com I type in a strange get command, and it will come back with an error message along with what I typed in...

    GET evilcode HTTP/1.0

    HTTP/1.1 400 Bad Request
    Date: Mon, 20 Jan 2003 20:26:24 GMT
    Server: Apache/1.3.27 (Unix) mod_ssl/2.8.11 OpenSSL/0.9.6g FrontPage/5.0.2.2510 PHP/4.1.2 mod_throttle/3.1.2
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML><HEAD>
    <TITLE>400 Bad Request</TITLE>
    </HEAD><BODY>
    <H1>Bad Request</H1>
    Your browser sent a request that this server could not understand.


    Invalid URI in request GET evilcode HTTP/1.0


    <HR>
    <ADDRESS>Apache/1.3.27 Server at 66.28.245.54 Port 80</ADDRESS>
    </BODY></HTML>

    I think this server is vulnerable... but I'm not sure. Can anyone give me some input? Thanks!

    -Drawenai

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    That's a FrontPage response to a bad request. I believe on the unpatched version it also listed the location of the www directory, aiding the enumeration process. I could be wrong. I don't know much about FrontPage extensions on Apache. As a matter of fact I can't understand why someone would even want to do this...not enough money to hire a real webmaster maybe!?!

  3. #3
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    I don't know what you mean with the FrontPage part, but you could try replacing that evilcode part with a javascript redirection thing which places the cookie in the query string of a logger you set up, which is indeed a cross site scripting vulnerability. That server should not echo that "GET evilcode HTTP/1.0" part. I don't know if you tried using javascript for real, maybe it's filtered.
    Double Dutch
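
Added example, not part of the thread and not the server's own code: a Python sketch of the echo behaviour discussed above, showing why a plain word like "evilcode" coming back proves nothing either way, and what the error page looks like when the request line is HTML-escaped before being echoed. The template, function names and probe string are constructed for illustration.

```python
import html

# Constructed stand-in for the 400 page quoted in post #1; only the echoed
# request line varies.
ERROR_TEMPLATE = (
    "<HTML><HEAD>\n<TITLE>400 Bad Request</TITLE>\n</HEAD><BODY>\n"
    "<H1>Bad Request</H1>\n"
    "Your browser sent a request that this server could not understand.<P>\n"
    "Invalid URI in request {request_line}<P>\n"
    "</BODY></HTML>\n"
)

# Harmless constructed marker containing HTML metacharacters.
PROBE = "<b>echo-probe-7f3a</b>"


def render_unsafe(request_line):
    """Error page that echoes the request line verbatim (the risky form)."""
    return ERROR_TEMPLATE.format(request_line=request_line)


def render_escaped(request_line):
    """Error page that HTML-escapes the request line before echoing it."""
    return ERROR_TEMPLATE.format(request_line=html.escape(request_line, quote=True))


def reflection_status(body, probe):
    """Classify how `probe` shows up in a response body.

    'inconclusive' - probe has no HTML metacharacters, so raw and escaped
                     output are identical and the echo tells you nothing
    'raw'          - metacharacters came back unencoded (markup is live)
    'escaped'      - probe came back entity-encoded (rendered as text)
    'absent'       - probe is not reflected at all
    """
    encoded = html.escape(probe, quote=True)
    if encoded == probe:
        return "inconclusive"
    if probe in body:
        return "raw"
    if encoded in body:
        return "escaped"
    return "absent"


if __name__ == "__main__":
    for label, body, probe in [
        ("plain word", render_unsafe("GET evilcode HTTP/1.0"), "evilcode"),
        ("unescaped echo", render_unsafe(f"GET {PROBE} HTTP/1.0"), PROBE),
        ("escaped echo", render_escaped(f"GET {PROBE} HTTP/1.0"), PROBE),
    ]:
        print(f"{label:15s} -> {reflection_status(body, probe)}")
```
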
