Tuesday, August 9, 2016

Expect: alert(document.domain)

GET / HTTP/1.1
Expect: <script>alert(document.domain)</script>

Saw this request in some web logs, what is it? Appears to be a super old XSS (cross site scripting) vulnerability on Apache based web servers from like back in 2006. The attacker is thus looking to see if he can find super old servers that were never patched. The javascript alert method will create a popup box in the browser, and the document.domain variable will print out the current domain (beginning part of the url) that the page is on if vulnerable.

More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. An Invoice email and a Hot mess of Java

Top Github Contributions
  1. Qualys Scantronitor 2.0

Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment