[Snort-users] Vulnerable to Cross Site Scripting (XSS) or not?
Jesper Skou Jensen
jesper.skou.jensen at ...1273...
Tue Aug 5 07:12:57 EDT 2008
Jesper Skou Jensen wrote:
> 1. As far as I understand it, 220.127.116.11 is trying to send "<SCRIPT" in eg.
> a webform on 18.104.22.168. Is that correct?
I've been digging a bit in our BARNYARD dumps, and I would expect
"SCRIPT" to appear in them, but as far as i can see it doesn't.
Here is an example of one of the dumps. Note that headers and HEX has
been stripped out, and url's have been annonymized.
da..UA-CPU: x86..Accept-Encoding: gzip, deflate..User-Agent: Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 6.0;
AFB4417C-B44C-CEB7-A40B-FF0D26815D0C; SLCC1; .NET CLR 2.0.50727; .NET
CLR 3.0.04506; InfoPath.2)..Host: www.ANNONYMIZED.dk..Connection:
Am I looking at this in a wrong way, or isn't our Snort behaving?
Jesper S. Jensen
More information about the Snort-users