On Fri, 15 May 2009, Adam Katz wrote:
>> Adam Katz wrote:
>>> Relative URIs are only safe when prefacing the URI. Requiring the
>>> protocol beforehand should do the trick. Since "http://" is the
>>> implied protocol and is 8 chars, we get this:
>>> uri URI_HIDDEN /.{8}\/\../
> Ned Slider wrote:
>> Yep - that works great for me and I understand the logic (I assume you
>> meant the protocol is a max of 8 chars as in "https://").
> I was initially thinking https, but it appears SA's "uri" always
> converts relative URIs into "http://" links, so we want a "7" there.

What about an explicit "https://.." URI?

> I should also have noted that while this works around the SA bug, it
> also ignores hidden dirs and files appearing early in relative paths,
> like <a href="a.bc/.secret">

That href would get "http://" prepended, though, would it not?

> and of course it will have to be undone when SA patches that bug.

Yup. However, I think that a hostname _that_ short is extremely unlikely
in real world spams/phishes.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The problem is when people look at Yahoo, slashdot, or groklaw and
jump from obvious and correct observations like "Oh my God, this
place is teeming with utter morons" to incorrect conclusions like
"there's nothing of value here". -- Al Petrofsky, in Y! SCOX
-----------------------------------------------------------------------
6 days until the 5th anniversary of SpaceshipOne winning the X-prize
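As an added illustration (not code from this thread or from SpamAssassin), the Python below runs the URI_HIDDEN regex body with a 7- or 8-character prefix over the cases raised above. The "http://" prepending Adam describes is modelled as a plain string prefix, and the normalisation function and case list are assumptions, not SpamAssassin's implementation.

```python
import re

# Rule body from the thread, parameterised on the prefix length: a "/." path
# component (hidden dir or file) preceded by at least `min_prefix` characters.
def uri_hidden_pattern(min_prefix: int) -> re.Pattern:
    return re.compile(r".{%d}/\.." % min_prefix)

SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)

def normalize_uri(uri: str, prepend: bool = True) -> str:
    """Assumed model of the behaviour described in the thread: SpamAssassin's
    uri extraction turns a scheme-less (relative) URI into an http:// link.
    This is a plain string prefix, not SpamAssassin's own normalisation."""
    if prepend and not SCHEME_RE.match(uri):
        return "http://" + uri
    return uri

def uri_hidden_hits(uri: str, min_prefix: int, prepend: bool = True) -> bool:
    """True when URI_HIDDEN with the given prefix length fires on this URI."""
    return uri_hidden_pattern(min_prefix).search(normalize_uri(uri, prepend)) is not None

# Constructed cases: (href as seen in the mail, whether SA is assumed to prepend).
CASES = [
    ("http://example.com/.secret/p.php", True),  # genuine hidden directory
    ("../index.html", True),                     # relative "..": "http://.." must not fire
    ("./x.html", True),                          # relative ".": likewise
    ("a.bc/.secret", True),                      # Adam's short-host href, if SA prepends http://
    ("a.bc/.secret", False),                     # same href, if it reaches the rule untouched
    ("https://../", True),                       # John's explicit https:// question
]

def evaluate(min_prefix: int) -> list:
    """Rule outcome per case, in CASES order, for one prefix length."""
    return [uri_hidden_hits(uri, min_prefix, prepend) for uri, prepend in CASES]

if __name__ == "__main__":
    for n in (7, 8):
        print(f"prefix {n}:")
        for (uri, prepend), hit in zip(CASES, evaluate(n)):
            print(f"  {'HIT ' if hit else 'miss'} {uri!r:36} prepend={prepend}")
```

On these inputs the only difference between 7 and 8 is the explicit "https://.." case, which fires with 7 and not with 8; the short-host href is caught only if the "http://" prefix really is added before the rule runs.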