On Tue, Jul 22, 2003 at 09:33:00PM -0400, Justin Shin wrote:
> I know there's a lot of stupid jokes about XSS vulns right now, but I was wondering
> if there is any firewall or IDS software that can look for suspicious GET requests
> ... ie.
>
> GET /vulnerablewebapp/?<XSS SHZNIT>
>
> I'm sure there's a program out there ... and I'm stupid, please don't kill me...
>

It's a little-known tool, to be sure :-) Here's an example:

http://www.snort.org/snort-db/sid.html?sid=1667

Hope this helps... (or did I totally misunderstand your question?)

petard

--
top-post: n., v. - [common] To put the newly-added portion of an email or
Usenet response before the quoted part, as opposed to the more logical
sequence of quoted portion first with original following. [...] This term is
generally used pejoratively with the implication that the offending person is
a newbie, a Microsoft addict (Microsoft mail tools produce a similar format
by default), or simply a common-and-garden-variety idiot.
- The jargon file

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
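
As an added illustration of the kind of check asked about above (not part of the original message, and not the Snort rule at the linked page): a small Python filter that percent-decodes the query string of a GET request line and matches it against a few XSS signatures. The signature list, function names and sample request lines are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Illustrative signatures (assumptions for this example, not Snort's rule set).
SIGNATURES = [
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.I)),
    ("event-handler", re.compile(r"\bon(?:error|load|click|mouseover)\s*=", re.I)),
]

REQUEST_LINE = re.compile(r"^GET\s+(\S+)\s+HTTP/\d\.\d$")


def normalize(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is matched in the clear."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def inspect(request_line):
    """Return the names of signatures matched by the query string of a GET line."""
    m = REQUEST_LINE.match(request_line.strip())
    if not m:
        return []  # not a GET request line; out of scope for this filter
    _, _, query = m.group(1).partition("?")
    clear = normalize(query)
    return [name for name, rx in SIGNATURES if rx.search(clear)]


# Constructed sample request lines (not taken from real traffic).
SAMPLES = [
    "GET /vulnerablewebapp/?q=hello+world HTTP/1.0",
    "GET /vulnerablewebapp/?q=<script>alert(1)</script> HTTP/1.0",
    "GET /vulnerablewebapp/?q=%3CScRiPt%3Ealert(1)%3C%2Fscript%3E HTTP/1.1",
    "GET /vulnerablewebapp/?q=%253Cimg+src%253Dx+onerror%253Dalert(1)%253E HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(inspect(line) or "clean", "<-", line)
```

Matching only after decoding is the point: a literal string match on the raw request line misses the third and fourth samples.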