RISE FROM YOUR GRAVE......... A lil Altered Beast anyone ? ~pingywon
----- Original Message -----
From: "Morning Wood" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, March 18, 2005 1:34 PM
Subject: [Full-disclosure] Blocks OWA Redirect Attempts

> since MS is lax about OWA patching, a kind admin sent me this Cisco Mgmt
> rule to prevent OWA redirect phishing.
>
> D.W
>
> ------------------------ / start / --------------------
>
> <?xml version='1.0'?>
> <!DOCTYPE CSAMCEXPORT>
>
> <CSAMCEXPORT export_time="Thu Mar 10 13:15:40 Eastern Standard Time 2005"
> format_version="4.0">
> <DATASET hidden="0" description="Blocks OWA Redirect Attempts" name="Outlook
> Web Access Redirect" id="5264" _toplevel="0">
> <DATA_IN value="*/exchweb/bin/auth/owalogon.asp?url=*"/>
> <DATA_EX
> value="*/exchweb/bin/auth/owalogon.asp?url=https://mymail.com/exchange*"/>
> </DATASET>
>
> <RULE description="Deny OWA Exploits" user_msg="" tla="DACL" id="660"
> description_detail="" action="deny" log="log_low" priority="201"
> _toplevel="0" enabled="1">
> <APPCLASS_REF ref_id="120"/>
> <DATASET_REF ref_id="5264"/>
> </RULE>
>
> <APPCLASS is_session_void="0" ostype="W" description="IIS Web Server
> executable file" name="IIS Web Server application" id="120" is_timeout="0"
> description_detail="" _toplevel="0" timeout="" process_group="0"
> apptype="S">
> <USE_IN_PROD value="SW"/>
> <USE_IN_PROD value="SF"/>
> <FILE_LITERAL file="inetinfo.exe" dir="**"/>
> <FILE_LITERAL file="w3wp.exe" dir="**"/>
> </APPCLASS>
>
> <POLICY ostype="W" description="Protects OWA against URL Injection exploits"
> name="Custom OWA Module" id="74" description_detail="" _toplevel="1"
> mandatory="0">
> <RULE_REF ref_id="660"/>
> </POLICY>
>
> </CSAMCEXPORT>
>
> ---------------------- / end / ----------------------
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://www.secunia.com/
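
An added example (not part of the original post and not Cisco tooling) for checking, before deployment, which request URLs the posted data set would deny. It assumes DATA_IN and DATA_EX are include and exclude glob patterns in which `*` is the only wildcard and matching ignores case; the sample URLs are constructed, and `mymail.com` should be replaced by the site's own OWA host as in the original rule.

```python
import re
import xml.etree.ElementTree as ET

# Only the DATASET element of the posted export, with the e-mail line wraps
# rejoined; the RULE, APPCLASS and POLICY elements are omitted here.
EXPORT = """<CSAMCEXPORT format_version="4.0">
<DATASET hidden="0" description="Blocks OWA Redirect Attempts" name="Outlook Web Access Redirect" id="5264" _toplevel="0">
<DATA_IN value="*/exchweb/bin/auth/owalogon.asp?url=*"/>
<DATA_EX value="*/exchweb/bin/auth/owalogon.asp?url=https://mymail.com/exchange*"/>
</DATASET>
</CSAMCEXPORT>"""

def glob_to_regex(pattern):
    # Assumption: '*' is the only wildcard and comparison is case-insensitive.
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)

def load_dataset(xml_text, dataset_id):
    # Return (include, exclude) compiled patterns for one DATASET id.
    root = ET.fromstring(xml_text)
    for ds in root.iter("DATASET"):
        if ds.get("id") == dataset_id:
            include = [glob_to_regex(e.get("value")) for e in ds.findall("DATA_IN")]
            exclude = [glob_to_regex(e.get("value")) for e in ds.findall("DATA_EX")]
            return include, exclude
    raise KeyError(dataset_id)

def is_denied(url, include, exclude):
    # Denied when some DATA_IN pattern matches and no DATA_EX pattern does.
    if not any(p.fullmatch(url) for p in include):
        return False
    return not any(p.fullmatch(url) for p in exclude)

# Constructed sample requests; example.net stands in for an unexpected host.
SAMPLES = [
    "/exchweb/bin/auth/owalogon.asp?url=https://mymail.com/exchange/",
    "/exchweb/bin/auth/owalogon.asp?url=https://example.net/login",
    "/exchweb/bin/auth/owalogon.asp",
    "/exchange/inbox",
]

def evaluate(samples=SAMPLES):
    include, exclude = load_dataset(EXPORT, "5264")
    return {u: is_denied(u, include, exclude) for u in samples}

if __name__ == "__main__":
    for url, denied in evaluate().items():
        print("DENY " if denied else "ALLOW", url)
```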
