lists.openwall.net - Open Source and information security mailing list archives
From: dentonj at gmail.com (Jeffrey Denton)
Subject: this is fun?

On Sun, 20 Feb 2005 14:51:48 +0100, Christian <evilninja@....net> wrote:
> Brandy Simon wrote:
> > http://picserv.on.zoy.org/IM39571.jpg
>
> hm, what exactly is it?
>
> $ wget http://picserv.on.zoy.org/IM39571.jpg
> --14:45:06--  http://picserv.on.zoy.org/IM39571.jpg
>            => `IM39571.jpg'
> Resolving picserv.on.zoy.org... 80.65.228.129
> Connecting to picserv.on.zoy.org[80.65.228.129]:80... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 14:45:06 ERROR 404: Not Found.
>

Sometimes you have to use a sniffer.  Grabbed with lynx and ethereal:

GET /IM39571.jpg HTTP/1.0
Host: picserv.on.zoy.org
Accept: text/html, text/plain, text/sgml, video/mpeg, image/jpeg,
image/tiff, image/x-rgb, image/png, image/x-xbitmap, image/x-xbm,
image/gif, application/postscript, */*;q=0.01
Accept-Encoding: gzip, compress
Accept-Language: en
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.7e

. . .

POST /index.php HTTP/1.0
Host: picserv.on.zoy.org
Accept: text/html, text/plain, text/sgml, video/mpeg, image/jpeg,
image/tiff, image/x-rgb, image/png, image/x-xbitmap, image/x-xbm,
image/gif, application/postscript, */*;q=0.01
Accept-Encoding: gzip, compress
Accept-Language: en
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.7e
Referer: http://picserv.on.zoy.org/IM39571.jpg
Content-type: application/x-www-form-urlencoded
Content-length: 28

content=&send=1&refer=&user=

. . .

GET /lm.php HTTP/1.0
Host: picserv.on.zoy.org
Accept: text/html, text/plain, text/sgml, video/mpeg, image/jpeg,
image/tiff, image/x-rgb, image/png, image/x-xbitmap, image/x-xbm,
image/gif, application/postscript, */*;q=0.01
Accept-Encoding: gzip, compress
Accept-Language: en
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.7e
Referer: http://picserv.on.zoy.org/IM39571.jpg

. . .

GET /lm.php?CLICK+ME=CLICK+ME HTTP/1.0
Host: picserv.on.zoy.org
Accept: text/html, text/plain, text/sgml, video/mpeg, image/jpeg,
image/tiff, image/x-rgb, image/png, image/x-xbitmap, image/x-xbm,
image/gif, application/postscript, */*;q=0.01
Accept-Encoding: gzip, compress
Accept-Language: en
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.7e
Referer: http://picserv.on.zoy.org/lm.php

The page lm.php sets a number of variables depending on the User-Agent
string, but only does something different if you are using IE.

var nom = navigator.appName.toLowerCase();
var agt = navigator.userAgent.toLowerCase();
var is_major  = parseInt(navigator.appVersion);
var is_minor  = parseFloat(navigator.appVersion);
var is_ie     = (agt.indexOf("msie") != -1);
var is_ie4up  = (is_ie && (is_major >= 4));
var is_nav    = (nom.indexOf('netscape')!=-1);
var is_nav4   = (is_nav && (is_major == 4));
var is_mac    = (agt.indexOf("mac")!=-1);
var is_gecko  = (agt.indexOf('gecko') != -1);
//  GECKO REVISION
var is_rev = 0;
if (is_gecko) {
  var temp = agt.split("rv:");
  is_rev = parseFloat(temp[1]);
}

. . .

<input type="submit" value="CLICK ME" name="CLICK ME"
       style="width: 2000px; height: 2000px; background-image: url('pooped.jpg');"
       src="hello.jpg" height="300" width="300"
       onmouseover="if(is_ie) {showModelessDialog('procreator.php'); return true; } document.goatse.reset(); playBall(); return true;"
       onclick="if(is_ie) {showModelessDialog('procreator.php'); return true; } playBall(); return true;"
       onmouseout="if(is_ie) {showModelessDialog('procreator.php'); return true; } else {procreate();} playBall(); return true;">

And so on...  I haven't looked at all of the other .php pages yet.
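An added example, not part of the post: a small Python parser for a text dump of sniffed HTTP requests like the one above. It works on a constructed sample condensed from the capture (Accept headers dropped, request order and Referers kept), reconstructs the chain of requests, and flags a form POST whose Referer is an image URL, which is the tell that the "picture" link was really a page with a form on it.

```python
import re

# Constructed sample, condensed from the lynx/ethereal capture in the post
# (Accept/Accept-* headers dropped; request order and Referers kept).
CAPTURE = """\
GET /IM39571.jpg HTTP/1.0
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14

POST /index.php HTTP/1.0
Referer: http://picserv.on.zoy.org/IM39571.jpg
Content-type: application/x-www-form-urlencoded
Content-length: 28

content=&send=1&refer=&user=

GET /lm.php HTTP/1.0
Referer: http://picserv.on.zoy.org/IM39571.jpg

GET /lm.php?CLICK+ME=CLICK+ME HTTP/1.0
Referer: http://picserv.on.zoy.org/lm.php
"""

REQUEST_LINE = re.compile(r"^(GET|POST|HEAD) (\S+) HTTP/\d\.\d$", re.M)

def parse_capture(text):
    """Split back-to-back HTTP/1.0 requests into (method, path, headers, body)."""
    starts = [m.start() for m in REQUEST_LINE.finditer(text)] + [len(text)]
    reqs = []
    for a, b in zip(starts, starts[1:]):
        head, _, body = text[a:b].partition("\n\n")
        lines = head.splitlines()
        method, path = REQUEST_LINE.match(lines[0]).group(1, 2)
        headers = {}
        for line in lines[1:]:
            if ":" in line:  # folded continuation lines are skipped
                k, v = line.split(":", 1)
                headers[k.strip().lower()] = v.strip()
        n = int(headers.get("content-length", 0))  # body is exactly this long
        reqs.append((method, path, headers, body[:n]))
    return reqs

def image_triggered_posts(reqs):
    """A picture link should never submit a form: flag POSTs whose Referer is an
    image URL, the tell that the 'JPEG' was really a page with a form on it."""
    return [(path, h.get("referer", ""), body)
            for method, path, h, body in reqs
            if method == "POST"
            and h.get("referer", "").lower().endswith((".jpg", ".jpeg", ".gif", ".png"))]
```

Calling parse_capture(CAPTURE) gives the four requests in order; image_triggered_posts() on that list returns only the POST to /index.php with its empty-field form body.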
