---------- Forwarded message ---------- From: Rodrigo Montoro(Sp0oKeR) <[EMAIL PROTECTED]> Date: 2008/9/3 Subject: [Snort-BR] Fwd: [Snort-sigs] Crusoe Researches offer new rule for detecting Google Chrome browser undef handler special char attempt! To: Lista Snort Cipsga <[EMAIL PROTECTED]>
Não sei quem já esta usando o chrome, mas saiu uma falha dele e criaram essa regra: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT Google Chrome browser undefined handler special character attempt"; flow:to_client,established; content:"href="; nocase; content:!"http\:"; nocase; within:10; distance:0; content:"\:"; within:10; distance:0; content:"%"; within:10; distance:0; pcre:!"/[a-z0-9]href\=/i"; pcre:"/href\=\s*(\"|\')?(.){0,9}\:\s*(.){0,9}\%/i"; pcre:"/href\=\s*(\"|\')?[^>]*\:\s*[^>\/]*\%/i"; reference:bugtraq,30983; classtype:attempted-user; sid:93323; rev:1;) ---------- Forwarded message ---------- From: rmkml <[EMAIL PROTECTED]> Date: Wed, Sep 3, 2008 at 11:24 AM Subject: [Snort-sigs] Crusoe Researches offer new rule for detecting Google Chrome browser undef handler special char attempt! To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Hi, Crusoe Researches offering a new rule for detecting Google Chrome browser undef handler special char attempt : http://www.Crusoe-Researches.com/en/googlechromebrowserundefhandlerspecialchar.txt Credits: Crusoe Researches http://www.Crusoe-Researches.com [EMAIL PROTECTED] => Crusoe Researches have more than 3323 UNIQ 'snort' rules for Commercial Access (Contact me directly if you are interested) Regards Rmkml Crusoe-Researches.com ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-sigs mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/snort-sigs -- =========================== Rodrigo Montoro (Sp0oKeR) Security Analyst SnortCP / RHCE / LPIC-I / MCSO http://www.spooker.com.br http://www.snort.org.br http://www.linkedin.com/in/spooker =========================== _______________________________________________ Comunidade SNORT-BR [EMAIL PROTECTED] http://snort.linuxsecurity.com.br http://listas.cipsga.org.br/cgi-bin/mailman/listinfo/snort-ids -- Atenciosamente Paulo Henrique. ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd