H guys
I have seen a similar code on my WAF being detected as XSS attack. But
further investigation proved it was false positive. In fact the code
is an AJAX code. Ajax code has JS code in URL.
Just thought might help :D
On 4/5/12, Patrick Laverty <patrick_laverty (at) brown (dot) edu [email concealed]> wrote:
> Jerome-
>
> Looks like some bad stuff like xss. Changing the encoding, I get
> things like below. I'm a beginner so I can't tell you anything in
> depth, but it looks like it's trying to grab cookies and play with a
> timer on the site? If the request is working, check with the plugin's
> author and see what they know about this?
>
>
> http://www.domain.com/wp-content/plugins/sociable-30/addtofadexOf(c_name
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate. We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
I have seen a similar code on my WAF being detected as XSS attack. But
further investigation proved it was false positive. In fact the code
is an AJAX code. Ajax code has JS code in URL.
Just thought might help :D
On 4/5/12, Patrick Laverty <patrick_laverty (at) brown (dot) edu [email concealed]> wrote:
> Jerome-
>
> Looks like some bad stuff like xss. Changing the encoding, I get
> things like below. I'm a beginner so I can't tell you anything in
> depth, but it looks like it's trying to grab cookies and play with a
> timer on the site? If the request is working, check with the plugin's
> author and see what they know about this?
>
>
> http://www.domain.com/wp-content/plugins/sociable-30/addtofadexOf(c_name
> + "=");
> if (c_start!=-1) | c_start=c_start + c_name.length+1;
>
> c_end=document.cookie.indexOf(";",c_start);
>
> if (c_end==-1)
> c_end=document.cookie.length;
> return unescape(document.cookie.substring(c_start,c_end));
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate. We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]