thoughtomation

removing the "mis" from information

Saturday, January 06, 2007

Nice little XSS worm

Check out this very interesting set of HTTP requests:

Date Request
1/6/2007 12:48 GET //README HTTP/1.1
1/6/2007 12:48 GET /horde//README HTTP/1.1
1/6/2007 12:48 GET /horde2//README HTTP/1.1
1/6/2007 12:48 GET /horde3//README HTTP/1.1
1/6/2007 12:48 GET /horde-3.0.5//README HTTP/1.1
1/6/2007 12:48 GET /horde-3.0.6//README HTTP/1.1
1/6/2007 12:48 GET /horde-3.0.7//README HTTP/1.1
1/6/2007 12:48 GET /horde-3.0.8//README HTTP/1.1
1/6/2007 12:48 GET /horde-3.0.9//README HTTP/1.1
1/6/2007 12:48 GET /mail//README HTTP/1.1
1/6/2007 12:48 GET /email//README HTTP/1.1
1/6/2007 12:48 GET /webmail//README HTTP/1.1
1/6/2007 12:48 GET /newmail//README HTTP/1.1
1/6/2007 12:48 GET /mails//README HTTP/1.1
1/6/2007 12:48 GET /mailz//README HTTP/1.1
1/6/2007 12:50 GET //chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /chat//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /phpchat//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /PhpMyChat//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /chatroom//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /chats//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /forum//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /php/phpmychat//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /phpMyChat-0.14.2//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /phpMyChat-0.14.5//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /phpMyChat//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /phpMyChat-0.14.3//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /phpMyChat-0.14.4//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /chat1//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /forums//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /chat2//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /chat3//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:50 GET /community//chat/messagesL.php3 HTTP/1.1
1/6/2007 12:51 GET /cacti//graph_image.php HTTP/1.1
1/6/2007 12:51 GET /stats//graph_image.php HTTP/1.1
1/6/2007 12:51 GET //graph_image.php HTTP/1.1
1/6/2007 12:52 GET //xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //xmlrpc/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //xmlsrv/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //blog/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //drupal/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //community/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //blogs/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //blogs/xmlsrv/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //blog/xmlsrv/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //blogtest/xmlsrv/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //b2/xmlsrv/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //b2evo/xmlsrv/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //wordpress/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //phpgroupware/xmlrpc.php HTTP/1.1
1/6/2007 12:54 GET //awstats.pl HTTP/1.1
1/6/2007 12:54 GET //cgi-bin/awstats.pl HTTP/1.1
1/6/2007 12:54 GET //scgi-bin/awstats.pl HTTP/1.1
1/6/2007 12:54 GET //awstats/awstats.pl HTTP/1.1
1/6/2007 12:54 GET //cgi-bin/awstats/awstats.pl HTTP/1.1
1/6/2007 12:54 GET //scgi-bin/awstats/awstats.pl HTTP/1.1
1/6/2007 12:54 GET //cgi/awstats/awstats.pl HTTP/1.1
1/6/2007 12:54 GET //scgi/awstats/awstats.pl HTTP/1.1
1/6/2007 12:54 GET //scripts/awstats.pl HTTP/1.1
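
A detection sketch for the pattern in the log above, added here as an example and not part of the original post: it flags any file name requested under several different directory guesses within a few minutes. The function names, the thresholds and the two `/index.html` lines are assumptions; the page's log has no client column, so a real access log would also group by client address.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the log above, plus two constructed benign /index.html hits.
SAMPLE = """\
1/6/2007 12:48 GET //README HTTP/1.1
1/6/2007 12:48 GET /horde//README HTTP/1.1
1/6/2007 12:48 GET /webmail//README HTTP/1.1
1/6/2007 12:49 GET /index.html HTTP/1.1
1/6/2007 12:51 GET /cacti//graph_image.php HTTP/1.1
1/6/2007 12:51 GET /stats//graph_image.php HTTP/1.1
1/6/2007 12:51 GET //graph_image.php HTTP/1.1
1/6/2007 12:52 GET //xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //blog/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //drupal/xmlrpc.php HTTP/1.1
1/6/2007 12:52 GET //wordpress/xmlrpc.php HTTP/1.1
1/6/2007 12:53 GET /index.html HTTP/1.1
1/6/2007 12:54 GET //awstats.pl HTTP/1.1
1/6/2007 12:54 GET //cgi-bin/awstats.pl HTTP/1.1
"""

LINE = re.compile(r"^(\d+/\d+/\d+ \d+:\d+) (\S+) (\S+) HTTP/\d\.\d$")

def parse(text):
    """Yield (timestamp, method, path) for each well-formed line; skip the rest."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%m/%d/%Y %H:%M"), m.group(2), m.group(3)

def find_path_guessing(entries, min_paths=3, window=timedelta(minutes=5)):
    """Flag a leaf file requested under >= min_paths distinct paths inside
    `window` of its first hit. Thresholds are assumed values; tune per site."""
    by_leaf = defaultdict(list)
    for ts, _method, path in entries:
        by_leaf[path.rstrip("/").rsplit("/", 1)[-1]].append((ts, path))
    findings = {}
    for leaf, hits in by_leaf.items():
        hits.sort()
        paths = {p for t, p in hits if t - hits[0][0] <= window}
        if len(paths) >= min_paths:
            findings[leaf] = {
                "distinct_paths": len(paths),
                # every probe in the page's log carries a doubled slash
                "double_slash": sum("//" in p for p in paths),
            }
    return findings

if __name__ == "__main__":
    for leaf, info in find_path_guessing(parse(SAMPLE)).items():
        print(leaf, info)
```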


Methinks all these enthusiasts for "Web 2.0" technologies have no idea what they are getting into.

If anyone wants a database-driven webserver built on a more conservative philosophy that's not vulnerable to this BS, drop me a line.
