New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!
· Ian T's (AR 24)
· Marcia's (CO8)
· Bill G's (CO12)
· Paul's (AR 5)
· Robin's (AR 2)
· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
· Robin's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· RegChat
· Reviews
· Google Search
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?
$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 1170
Comments: 21
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin   Your Favorite ForumsFavForums 

IE Spoofed Link Filter

 
Post new topic   Reply to topic       Computer Cops Forum Index -> Proxo Filters
View previous topic :: View next topic  
Author Message
Kye-U

Sergeant
Sergeant



Joined: Oct 18, 2003
Posts: 147
PostPosted: Mon Dec 15, 2003 11:40 pm    Post subject: IE Spoofed Link Filter
Reply with quote
Version 3 is a filter based on the exploit examples on http://www.zapthedingbat.com/security/ex01/vun1.htm and http://www.secunia.com/internet_explore...fing_test/

[Patterns]
Name = "Fix: Spoofed Address v3 [Kye-U]"
Active = TRUE
URL = "$TYPE(htm)|$TYPE(js)"
Bounds = "$NEST(<a\s,>)|$NEST(<input\s,>)|$NEST(<button\s,>)|$NEST(<script\s,>)|$NEST(<*onclick=\s,>)|$NEST(<*onmousedown=\s,>)|$NEST(<*href=\s,>)"
Limit = 512
Match = "\0://\1[^/]++(|;)@\2"
Replace = "\0://\2"

OR [ProxFox's Edition] with the Alert message:

[Patterns]
Name = "Fix: Spoofed Address v3 [Kye-U]"
Active = TRUE
URL = "$TYPE(htm)|$TYPE(js)"
Bounds = "$NEST(<a\s,>)|$NEST(<input\s,>)|$NEST(<button\s,>)|$NEST(<script\s,>)|$NEST(<*onclick=\s,>)|$NEST(<*onmousedown=\s,>)|$NEST(<*href=\s,>)"
Limit = 512
Match = "\0://\1[^/]++(|;)@\2"
Replace = "\0://\2"
"$ALERT(Fixed Spoofed Address - '\2' removed from \0://\1)"
Back to top
View users profile Send private message
Onlooker

Guest
PostPosted: Thu Dec 18, 2003 2:35 am    Post subject: IE Spoofed Link Filter
Reply with quote
I have a little problem with the syntax "(|;)". According to the Prox help file, if one matches something or nothing, the something must come first, otherwise it will never be matched, since nothing can always match. Shouldn't the syntax be "(;|)"?
Back to top
kbirger

Trooper
Trooper



Joined: Jan 16, 2004
Posts: 18
Location: USA
PostPosted: Sat Jan 17, 2004 2:25 pm    Post subject:
Reply with quote
um, it still doesnt fix the exploit on the first site...
Back to top
View users profile Send private message
Kye-U

Sergeant
Sergeant



Joined: Oct 18, 2003
Posts: 147
PostPosted: Sat Jan 17, 2004 2:44 pm    Post subject:
Reply with quote
This is an older version. The latest and probably final version is v5.
Back to top
View users profile Send private message
kbirger

Trooper
Trooper



Joined: Jan 16, 2004
Posts: 18
Location: USA
PostPosted: Sat Jan 17, 2004 3:01 pm    Post subject:
Reply with quote
forgive me if this is stupid, but where can i find v 5?=)
Back to top
View users profile Send private message
Kye-U

Sergeant
Sergeant



Joined: Oct 18, 2003
Posts: 147
PostPosted: Sat Jan 17, 2004 3:07 pm    Post subject:
Reply with quote
http://www.computercops.biz/postt10365.html
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   Reply to topic       Computer Cops Forum Index -> Proxo Filters All times are GMT - 5 Hours
Page 1 of 1

 
 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB 2.0.8a © 2001 phpBB Group

Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
Home · Topics · Submit News · Top 10
This entire site, Cops Themes, and Computer Cops are © 2002 - 2004 Computer Cops, LLC. All rights reserved.
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Acceptable Use Policy. Use signifies your agreement.
Engine Copyright © 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member.
Paul Laudanski, Member of Computer Cops, LLC
Server Load: 1341 pages served in previous 5 minutes. Page Rendered: 0.333 seconds.