[FUG-BR] Fwd: [Snort-BR] Fwd: [Snort-sigs] Crusoe Researches offer new rule for detecting Google Chrome browser undef handler special char attempt!

Paulo Henrique paulo.rddck at bsd.com.br
Wed Sep 3 19:31:57 BRT 2008


---------- Forwarded message ----------
From: Rodrigo Montoro(Sp0oKeR) <spooker at gmail.com>
Date: 2008/9/3
Subject: [Snort-BR] Fwd: [Snort-sigs] Crusoe Researches offer new rule for
detecting Google Chrome browser undef handler special char attempt!
To: Lista Snort Cipsga <snort-ids at listas.cipsga.org.br>


I don't know who is already using Chrome, but a flaw in it has come out and
this rule was created for it:

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT
Google Chrome browser undefined handler special character attempt";
flow:to_client,established; content:"href="; nocase;
content:!"http\:"; nocase; within:10; distance:0; content:"\:";
within:10; distance:0; content:"%"; within:10; distance:0;
pcre:!"/[a-z0-9]href\=/i";
pcre:"/href\=\s*(\"|\')?(.){0,9}\:\s*(.){0,9}\%/i";
pcre:"/href\=\s*(\"|\')?[^>]*\:\s*[^>\/]*\%/i";
reference:bugtraq,30983; classtype:attempted-user; sid:93323; rev:1;)


---------- Forwarded message ----------
From: rmkml <rmkml at free.fr>
Date: Wed, Sep 3, 2008 at 11:24 AM
Subject: [Snort-sigs] Crusoe Researches offer new rule for detecting
Google Chrome browser undef handler special char attempt!
To: snort-sigs at lists.sourceforge.net
Cc: Contact at crusoe-researches.com


Hi,

Crusoe Researches is offering a new rule for detecting Google Chrome browser
undef handler special char attempt:

http://www.Crusoe-Researches.com/en/googlechromebrowserundefhandlerspecialchar.txt

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact at Crusoe-Researches.com
=> Crusoe Researches have more than 3323 UNIQ 'snort' rules for
Commercial Access
        (Contact me directly if you are interested)

Regards
Rmkml
Crusoe-Researches.com




--
===========================
Rodrigo Montoro (Sp0oKeR)
Security Analyst
SnortCP / RHCE / LPIC-I / MCSO
http://www.spooker.com.br
http://www.snort.org.br
http://www.linkedin.com/in/spooker
===========================





-- 
Regards, Paulo Henrique.
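
Added example, not part of the original messages or of Crusoe Researches' material: a Python approximation of the rule's content and pcre options, run over constructed HTML snippets to show which links the signature alerts on, including a benign tel: link. The function names and sample payloads are assumptions made for illustration; flow state, ports and Snort's byte-level stream handling are not modelled.

```python
import re

# pcre options copied from the rule above; Snort's /i maps to re.IGNORECASE.
PCRE_NOT = re.compile(r'[a-z0-9]href\=', re.I)   # pcre:!"..." (must NOT match)
PCRE_A = re.compile(r'href\=\s*(\"|\')?(.){0,9}\:\s*(.){0,9}\%', re.I)
PCRE_B = re.compile(r'href\=\s*(\"|\')?[^>]*\:\s*[^>\/]*\%', re.I)


def content_chain(payload: str) -> bool:
    """Approximate the rule's relative content options (distance:0, within:10)."""
    low = payload.lower()   # "href=" and "http:" are nocase; ':' and '%' have no case
    pos = low.find("href=")
    while pos != -1:
        cur = pos + len("href=")
        window = low[cur:cur + 10]
        if "http:" not in window:            # content:!"http\:"; within:10
            for i, ch in enumerate(window):  # content:"\:"; within:10
                # content:"%"; within:10, relative to the end of the ':' match
                if ch == ":" and "%" in low[cur + i + 1:cur + i + 11]:
                    return True
        pos = low.find("href=", pos + 1)     # try the next "href=" occurrence
    return False


def rule_matches(payload: str) -> bool:
    """True when all content and pcre options of the rule would be satisfied."""
    return (content_chain(payload)
            and not PCRE_NOT.search(payload)
            and bool(PCRE_A.search(payload))
            and bool(PCRE_B.search(payload)))


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "unknown scheme, '%' right after ':'": '<a href="foo:%41">x</a>',
    "ordinary http link": '<a href="http://example.com/a%20b">x</a>',
    "https link, '/' between ':' and '%'": '<a href="https://a.io/%7E">x</a>',
    "tel: link with encoded '+'": '<a href="tel:%2B551100000000">call</a>',
}

if __name__ == "__main__":
    for label, html in SAMPLES.items():
        print(f"{'ALERT' if rule_matches(html) else 'quiet':5}  {label}")
```

The https sample passes the content options and the first pcre but is rejected by the last pcre, while the tel: sample satisfies every option, so the rule is worth testing against normal browsing traffic before it is enabled.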

