For those of you who know something about cross site scripting attacks, maybe you can help me out.

I think I found some vulnerable servers could someone double check me?

When I telnet over to oday-warez.com I type in a strange get command, and it will come back with an error message along with what I typed in...

GET evilcode HTTP/1.0

HTTP/1.1 400 Bad Request
Date: Mon, 20 Jan 2003 20:26:24 GMT
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.11 OpenSSL/0.9.6g FrontPage/5.0.2.2510 PHP/4.1.2 mod_throttle/3.1.
2
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H
1>Bad Request</H1>
Your browser sent a request that this server could not understand.


Invalid URI in reque
st GET evilcode HTTP/1.0


<HR>
<ADDRESS>Apache/1.3.27 Server at 66.28.245.54 Port 80</ADDRESS>
</BODY></HTML
>

I think this server is vulnerable... but I'm not sure. Can anyone give me some input? Thanks!

-Drawenai