
I have found a few attack GET requests on a web application.

mysite.com/login/auth;jsessionid=%22%20or%20%22d%22=%22d

mysite.com/login/auth;jsessionid=1%20and%2013=3%20--%20-

mysite.com/login/auth;jsessionid=C5C7348B296E4E39E84DD6B4BC93191D?alert(14721858.07197)<a>

mysite.com/login/auth;jsessionid=C5C7348B296E4E39E84DD6B4BC93191D?"style="x:expr/**/ession(alert(14721858.07267))

I would appreciate it if anyone can tell me what these are; any help is welcome! Thanks!

kofhearts

1 Answer


They are probing the URL in several ways.

Session prediction (that looks like this):
mysite.com/login/auth;jsessionid=%22%20or%20%22d%22=%22d
mysite.com/login/auth;jsessionid=1%20and%2013=3%20--%20-

These links discuss that:
what is the vulnerability of having Jsessionid on first request only
and this
Testing for Session Fixation

And, UI hijacking and encoded URL hacking, discussed here:
Three Semicolon Vulnerabilities

Good luck with that...

Travis Rodman
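The four requests in the question can be triaged mechanically: the answer above says the sender is probing the URL, and a small classifier makes that concrete by pulling the `;jsessionid=` path parameter and the query string apart, URL-decoding them, and matching the decoded values against the syntax each probe carries (quote-balanced tautology and boolean `and n=m --` SQL syntax in the first two, `alert(` / tag injection / an IE `expression(` split with a `/**/` comment in the last two). This is an added example written for this page, not code from the question, the answer, or any product; the sample request list is constructed from the URLs posted above plus one benign request, and the 32-hex-character session id format is an assumption modelled on a Tomcat JSESSIONID.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: the four probe URLs from the question plus one benign request.
SAMPLE_REQUESTS = [
    "mysite.com/login/auth;jsessionid=%22%20or%20%22d%22=%22d",
    "mysite.com/login/auth;jsessionid=1%20and%2013=3%20--%20-",
    "mysite.com/login/auth;jsessionid=C5C7348B296E4E39E84DD6B4BC93191D?alert(14721858.07197)<a>",
    'mysite.com/login/auth;jsessionid=C5C7348B296E4E39E84DD6B4BC93191D?"style="x:expr/**/ession(alert(14721858.07267))',
    "mysite.com/login/auth;jsessionid=C5C7348B296E4E39E84DD6B4BC93191D",
]

# Assumption: a legitimate session id is 32 upper-case hex chars, optionally with a ".node" suffix
# (the Tomcat JSESSIONID shape). Anything else in that slot is attacker-controlled input.
VALID_JSESSIONID = re.compile(r"^[0-9A-F]{32}(\.[A-Za-z0-9_-]+)?$")

# SQL-syntax probes: quote-balanced tautology, boolean comparison after AND/OR, comment terminator.
SQLI_PATTERNS = [
    re.compile(r"""(['"])\s*or\s*\1?\w*\1?\s*=""", re.I),   # " or "d"="d
    re.compile(r"\b(and|or)\b\s+\d+\s*=\s*\d+", re.I),      # 1 and 13=3
    re.compile(r"--\s"),                                     # trailing "-- -" comment
]

# Script/CSS probes: alert(), tag injection, attribute breakout, IE expression() even when
# the keyword is split by a /**/ comment to dodge naive keyword filters.
XSS_PATTERNS = [
    re.compile(r"alert\s*\(", re.I),
    re.compile(r"<\s*[a-z]\w*", re.I),                       # <a>
    re.compile(r"""["']\s*style\s*=""", re.I),               # "style="
    re.compile(r"expr\s*(/\*.*?\*/)?\s*ession\s*\(", re.I),  # expr/**/ession(
]


def split_request(raw: str):
    """Return (path, decoded jsessionid path parameter, decoded query) for a request target."""
    parts = urlsplit(raw if "://" in raw else "http://" + raw)
    path = parts.path
    jsessionid = ""
    if ";jsessionid=" in path:
        path, _, jsessionid = path.partition(";jsessionid=")
    # Decode before matching: every payload in the question arrives percent-encoded.
    return path, unquote(jsessionid), unquote(parts.query)


def classify(raw: str) -> dict:
    """Label one request with the probe types found in its jsessionid and query string."""
    path, sid, query = split_request(raw)
    findings = []
    if sid and not VALID_JSESSIONID.match(sid):
        findings.append("malformed jsessionid")
    for field_name, value in (("jsessionid", sid), ("query", query)):
        if any(p.search(value) for p in SQLI_PATTERNS):
            findings.append(f"sqli probe in {field_name}")
        if any(p.search(value) for p in XSS_PATTERNS):
            findings.append(f"xss probe in {field_name}")
    return {"path": path, "jsessionid": sid, "query": query, "findings": findings}


def scan(requests):
    """Classify a batch of request targets; benign requests come back with an empty findings list."""
    return [classify(r) for r in requests]


if __name__ == "__main__":
    for result in scan(SAMPLE_REQUESTS):
        print(result["path"], result["findings"] or ["clean"])
```

The decode step is the part worth keeping even if the pattern list changes: matching the raw percent-encoded line would miss every probe above, and the `/**/` split in the fourth request exists precisely to defeat filters that look for the literal word `expression`. Whether any of these probes is dangerous for this application is a separate question that the log line cannot answer; it depends on whether the server reflects or otherwise uses a malformed jsessionid or an unparsed query string, which is what the attacker is trying to find out.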