[Mimedefang] Browser Bug: Very bad in IE and varies on Netscape and Mozilla

Kevin A. McGrail kmcgrail at pccc.com
Sat Dec 20 00:22:17 EST 2003


Jonas,

I believe any uri with a %00 or %01 and an @ symbol is definitely just bad
so the bother of excluding slashes seems extraneous.  I'm doing a uri test
so spamassassin should only be providing it things that it thinks are links.

Therefore, my theory is that any url with %00 or %01 and an @ should be
considered an attempt at using the exploit.

uri KAM_URIPARSE /\%0[01].*\@/

David, you mentioned that .* is really bad in SA tests but I thought that
did not apply to URI tests?

Regards,
KAM
----- Original Message ----- 
From: "Jonas Eckerman" <jonas_lists at frukt.org>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Friday, December 19, 2003 9:41 PM
Subject: Re: [Mimedefang] Browser Bug: Very bad in IE and varies on Netscape and Mozilla


> On Sat, 20 Dec 2003 02:52:34 +0100, Jonas Eckerman wrote:
>
> >  uri KAM_URIPARSE       /[a-z]+\:\/\/\%0[01].*\@/
>
> Forget I wrote that. Obviously I need to sleep now. Something like this
> (untested) might be feasible though:
>
> uri KAM_URIPARSE /^[^\/]*\%0[01][^\/]*\@/
>
> That way, it'll only test before the first /, it will trigger for both %00
> and %01 and for URIs where other characters are placed between the %00/%01
> and the @.
>
> Good night
> /Jonas
>
> -- 
> Jonas Eckerman, jonas_lists at frukt.org
> http://www.fsdb.org/
>
>
> _______________________________________________
> Visit http://www.mimedefang.org and http://www.canit.ca
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>
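The two candidate rule bodies from this thread (Kevin's unanchored pattern and Jonas's version restricted to the part before the first slash) can be compared directly by running them over a handful of URIs. The script below is an added illustration, not code from the thread or from SpamAssassin; the sample URIs, hostnames and addresses are constructed placeholders. It translates the Perl-style rule bodies into Python's re module (Perl's \%, \@ and \/ escapes are simply dropped; classes and quantifiers are unchanged) and evaluates both on each sample. One thing it makes visible: because "http://" contains slashes, the anchored `^[^/]*` form can only fire if the string handed to the rule starts at the host part, so whether it matches depends on whether the scanner supplies the scheme with the URI.

```python
import re

# Both candidate rule bodies from the thread, translated from SpamAssassin's
# Perl-style /.../ syntax into Python's re module.  Perl's \%, \@ and \/ escapes
# are unnecessary in Python and have been dropped; the character classes and
# quantifiers are unchanged.
KAM_RULE = re.compile(r"%0[01].*@")             # Kevin's: %00 or %01 anywhere, then an @ later
JONAS_RULE = re.compile(r"^[^/]*%0[01][^/]*@")  # Jonas's: same, but only before the first /


def fires(rule, uri):
    """True when the rule would hit this URI (unanchored search, like an SA uri test)."""
    return rule.search(uri) is not None


def classify(uri):
    """Evaluate both rules on one URI string."""
    return {"kam": fires(KAM_RULE, uri), "jonas": fires(JONAS_RULE, uri)}


# Constructed sample URIs; hostnames and addresses are placeholders, not real sites.
SAMPLES = [
    # the shape the thread is about: %01 between a decoy hostname and the real host
    "http://www.example.com%01@198.51.100.7/login",
    # the same link without a scheme, as a schemeless URI might be extracted
    "www.example.com%01@198.51.100.7/login",
    # an ordinary userinfo@host URI with no %00/%01 at all
    "http://user@example.net/",
    # %00 and @ both sit in the query string, i.e. after the first slash
    "http://example.net/q?x=%00@y",
    "example.net/q?x=%00@y",
]


def evaluate_samples():
    """Return {uri: {"kam": bool, "jonas": bool}} for every constructed sample."""
    return {uri: classify(uri) for uri in SAMPLES}


if __name__ == "__main__":
    print("kam    jonas  uri")
    for uri, result in evaluate_samples().items():
        print(f"{result['kam']!s:6} {result['jonas']!s:6} {uri}")
```

Reading the output: the unanchored rule fires on every sample that contains a %00/%01 followed anywhere by an @, including the query-string case; the anchored rule ignores anything after the first slash, but it also fails on the scheme-prefixed samples for the same reason, so it needs to be tested against the exact strings the uri test actually receives before being deployed.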
