13 Date: Thu, 22 Jul 2010 11:22:33 GMT
\r
15 Content-Type: text/html
\r
18 # Here are some strings the ie-exploits filter should filter:
22 f("javascript:location.replace('mk:@MSITStore:C:')");
26 <a href="http://www.example.org/%hex[%01]hex%@blafasel">
27 <a href="http://www.example.org/%hex[%02]hex%@blafasel">
28 <a href="http://www.example.org/%hex[%03]hex%@blafasel">
30 <a href="http://www.example.org/%00@blafasel">
31 <a href="http://www.example.org/%01@blafasel">
32 <a href="http://www.example.org/%02@blafasel">
36 <script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script>
37 <script language="JavaScript">1;''.concat("readme.eml", null, "resizable=no,top=6000,left=6000")</script>
44 Date: Thu, 22 Jul 2010 11:22:33 GMT
\r
46 Content-Type: text/html
\r
50 # Here are some strings the ie-exploits filter should filter:
54 alert("This page looks like it tries to use a vulnerability described here:
55 http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2");
59 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
60 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
61 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
63 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
64 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
65 <a href="http://www.example.org/MALICIOUS-LINK@blafasel">
69 <br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>
70 <br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>
85 http://%HOSTIP:%HTTPPORT/ie-exploits/%TESTNUMBER
91 GET /ie-exploits/%TESTNUMBER HTTP/1.1
\r
92 Host: %HOSTIP:%HTTPPORT
\r
93 User-Agent: curl/%VERSION
\r