Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Our web honeypots picked up some more XSS attacks today:
The highlighted data in the Apache access_log holds the User-Agent field token data from the request. In this case, the attacker has inserted some Javascript code that would use the window.location function to cause the web browser to request the txt2pic.com website. After checking out that location we find the following:
$ curl -D - http://txt2pic.comHTTP/1.1 302 Object movedServer: Microsoft-IIS/5.0Date: Fri, 30 Nov 2012 14:36:28 GMTFun: www.WHAK.comConnection: closeLocation: http://www.imagegenerator.orgContent-Length: 150Content-Type: text/htmlSet-Cookie: ASPSESSIONIDCQSCSBBC=HCPFGNFAEIIHNDEPAEFEFFHL; path=/Cache-control: privateObject moved<h1>Object Moved</h1>This object may be found <a href="http://www.imagegenerator.org">here</a>.
This server responds with a 302 redirect and sends the user onto the imagegenerator.org website. So, this attack scenario presumably is simply a method of SPAM linking to increase web traffic hits.
While this attack instance was relatively harmless, the take away from this example is that you must take care if you are ever utilizing any type of web-based log analytic processes. If you are ever using a web browser to review log file data, this type of an attack may trigger. See CAPEC-106: Cross Site Scripting through Log Files for more info.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.