Re: [SAtalk] IE redirect rule

Thu, 18 Dec 2003 22:07:24 -0800

Tim B wrote:

Bill Larson wrote:

http://www.dslreports.com/shownews/36402
http://www.enterpriseitplanet.com/security/news/article.php/3288771
http://www.secunia.com/advisories/10395/
Microsoft Knowledge Base Article - 833786:
http://support.microsoft.com/?id=833786

In this exploit using:
http://[EMAIL PROTECTED]/malicious.html

http://[EMAIL PROTECTED]/malicious.html

http://[EMAIL PROTECTED]/malicious.html

returns http://www.trusted_site.com/ in the browser address line this can
be done with any website. It can also be done with a https site as well.


Any suggested rulesets for this one.


Bill Larson



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

funny, I was just working on something for this... this is what I have so far. I'm not very good with perl expressions soo....

rawbody     /htt(p|ps):\/\/[EMAIL PROTECTED]/i
describe    IE Exploit See Microsoft Knowledge Base Article - 833786
score        6.0



ack, I forgot to type in the test name... the name I'm using is IE_EXPLOIT_1


Oh yea.. and what I read off of bugtraq 0x01 or 0x00 also works...

so maybe something like this as well

rawbody IE_EXPLOIT_2 /htt(p|ps):\/\/[EMAIL PROTECTED]/i
describe IE_EXPLOIT_2 IE Exploit See Microsoft Knowledge Base Article - 833786
score IE_EXPLOIT_2 6.0





-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to